Apparatus and method for maintaining a software repository

ABSTRACT

A virtual installation map, and method involving installing a software functionality using the same, the virtual installation map including a first software installation map including a plurality of software elements representative of a related software file, the software elements also including at least one dependency to another software element. The virtual installation map further including a second software installation map also including a second plurality of software elements representative of related software file along with related dependencies. The first and second software installation maps may be hosted in separate databases and may relate to software products provided by different vendors. One or both software installation maps may include a pointer or other reference to the other installation map thereby providing a virtual installation map, in one example.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of and claims priority to U.S. patentapplication Ser. No. 13/083,382 entitled “APPARATUS AND METHOD FORGENERATING A SOFTWARE DEPENDENCY MAP”, naming Michael J. Wookey asinventor and filed on Apr. 8, 2011, the entirety of which is herebyincorporated by reference herein, which is a continuation of abandonedU.S. patent application Ser. No. 11/862,987 entitled “APPARATUS ANDMETHOD FOR GENERATING A SOFTWARE DEPENDENCY MAP”, naming Michael J.Wookey as inventor and filed on Sep. 27, 2007, the entirety of which ishereby incorporated by reference herein, which claims priority under 35U.S.C. §119(e) to provisional patent application 60/890,171 titled“SYSTEM AND METHOD FOR DEPLOYING AND MANAGING SOFTWARE,” filed on Feb.15, 2007, which is hereby incorporated by reference herein.

FIELD OF THE INVENTION

This invention relates, in general, to software deployment, and moreparticularly to the installation of enterprise-wide softwareapplications based on customer-preferred installation parameters.

BACKGROUND

In order to run a software application on a computer, it usuallyrequires the execution of an installation program to install thesoftware onto the computer's hard drive or other storage medium.Depending on the size and complexity of the software, the installationprogram can be quite complicated. An installation program typicallymanages the installation of multiple files to one or more directorieswithin a file system of the storage medium. Often, existingconfiguration files are edited in order for the computer's operatingsystem to become aware of the new software. Further, some of the editedconfiguration files are accessed by other applications. Such changes toa computer's environment may cause problems, such that a newly installedapplication may not work correctly, or possibly worse, a previouslyinstalled application may begin to malfunction. Such problems become amuch larger concern when an application is installed on numerouscomputers across an entire company, sometimes referred to as anenterprise computing environment.

Due to such problems, the deployment and installation of softwareapplications in an enterprise computing environment is a major challengefor the software industry. A significant percentage of all softwareinstallations fail in some manner. A software installation failure canbe defined as some type of error that exists after the installation ofthe software. Errors can exist in both the newly installed applicationas well as in some previously installed application. Such errors includeinstallation time errors, run time errors, performance errors andcompatibility errors. An installation time error occurs during theinstallation of the software itself. Installation errors may result froman incorrectly linked software component, which would have been definedby an actual human, poorly written computer code that has not consideredthe current configuration of the client system or number of otherscenarios. Such an error may prevent the software application from beinginstalled successfully. In such examples, only a portion of the requiredfiles are installed, resulting in a partial installation which isincapable of running correctly. Efforts are then required to back outthe partial installation to return the computer back to its previousstate.

The next type of installation failure is known as a run time error. Arun time error is an error that occurs during execution of the software,but often occurs while initially launching the application. One type ofrun time error may result in a failure to launch the software, with nowarning or error messages stating the problem. In result, nothinghappens when the software is attempted to execute. Often times one ormore cryptic error or warning messages are displayed as to why theapplication has failed to launch correctly. Other types of run timeerrors may occur while using the application. Under various scenarios,such as an incorrect version of some software component in the clientsystem, the application may simply stop working during execution of oneor more features within the software.

Performance errors reflect problems that allow the application to loadand run successfully, but at some reduced level of performance. Forexample, in a typical installation of Apache Software Foundation™ Apache5.5 Web Server (hereinafter “Apache 5.5”), the software's ability toresolve one page of Hyper Text Markup Language (hereinafter “HTML”) codeand display the output on a webpage may take 5 milliseconds. In aperformance hindered installation of Apache 5.5, resolving anddisplaying a web page may take a full second, causing a drasticreduction in Internet browsing performance.

The last type of installation error involves compatibility problems withother applications. Compatibility problems may allow the newly installedapplication to run properly, but one or more previously installedapplications may fail to work correctly after the new installation. Sucherrors are often the result from a common file or group of files sharedbetween multiple software applications. For example, the parameters in agiven configuration file may be accessed by one or more applications.Such a configuration file may contain parameters required by thesoftware. A newly installed application may alter the parameters in sucha way that a previously installed application may be expecting certainparameters to have remained unchanged. In another example, one or moresoftware applications may depend upon the existence of a softwareservice that resides on a computer. For example, many applicationsrequire TCP/IP connectivity services, which is the standardcommunication protocol used by computers to communicate over theInternet. Installation of a new application may replace TCP/IP version6.2 with 7.0. However, previously installed applications may beincompatible with TCP/IP version 7.0, causing the existing applicationsto experience errors.

The reasons for such software installation errors vary. Some errors arethe result of the installation tools that install software onto acomputer. Normally, software is delivered to users as a compact disc(“CD”) or digital versatile disc (“DVD”) or other form of removablestorage media. A user would place the disk into the computer's opticaldrive and follow the instructions for installation. These instructionsare human defined tools that physically install the files onto a storagemedium. The tools are prone to errors during installation for a varietyof reasons. Installation errors may also result from the way softwareapplications are constructed and packaged, rather than the installationtools that apply the software onto a computer system. Installation toolsare human created, which allows for the possibility of human-generatederrors. The packaging and construction of software are also defined byhumans. As a result, the packaging of software may be prone toinstallation errors as well.

Software is normally constructed of multiple packages. Each packageusually has one or more pieces of functionality within the entiresoftware application. Each piece of functionality will further containnumerous individual files containing software code. An individualsoftware file comes in the form of differing types of functionality. Forexample, a software file could be a shared library file, configurationfile, executable file, etc. A shared library is a human understandablelisting of variables, functions or procedures that define how certainfunctions of a software application work. It would also be accessible byone or more other files, hence the reason it is called a “shared”library. A configuration file may also be in human understandablelanguage. Its function is to define variables that are used throughoutthe software application. For example, one entry in a configuration filemight specify that the default installation path for the software is/bin/usr/apps. This variable could be changed by editing the file at anytime. An executable file differs in that it is not readilyunderstandable by humans. The executable file is a compilation of one ormore files, containing software code, that have been compiled to createa binary file understandable to a computer directly.

In an example of the delineation of functionality between softwarepackages, an accounting application may contain a package that controlsaccounts receivable. Another package may control the functionality foraccounts payable. Such package-based presentation of a softwareapplication is the result of the way software applications are written.Software packages are usually written by numerous software programmers.In order to manage the efforts of each programmer, their tasks aredivided into small pieces of functionality where each functional piececan communicate with each other. The division of such functional piecesoften results in packages. For example, a software application maycomprise 57 packages, with each package comprising hundreds ofindividual files. One group of software programmers might be tasked withwriting the accounts receivable portion and its associated files, withanother group responsible for the accounts payable portion and itsassociated files. Knowing how to divide the functionality between eachsoftware package is as much an art as it is computer science.

The division of functionality between packages is the result ofcompromises. On one side, the more packages that an applicationcomprises, the greater the ability to divide functionality between eachpackage, resulting in a more compact and compartmentalized design. Forexample, if a software application contains 20 packages, the amount offunctionality required in each package is far more than if the sameapplication had 200 packages. On the other side of the compromise, thesmaller the number of packages, the easier it is for a systemadministrator to grasp the division of functionality. Typically, asystem administrator is the person or persons within an enterprise thatis responsible for installing and maintaining software applications inthe enterprise environment. When installing a software applicationcomprised of individual packages the administrator executes an initialinstallation script that begins the installation process. Depending onthe specific software application and its complexity, an installationscript may pose one or more questions to the administrator. Suchquestions might involve where to physically install the software withinthe computer's file system, what optional features or services aredesired, or the privilege level for installing the software.Conventionally, the software installation process is script driven.Installation scripts set forth the above types of questions and recordthe answers for later use during the installation. For example, if ascript asks where to install an application, the provided answer wouldthen be used during installation to install the application in thedesired location in the file system.

One way that an administrator is able to reduce the amount ofinteraction required during an installation is to modify theinstallation scripts to remove the questions and enter the answersdirectly into the script. Hence, when the installation script isexecuted, no questions are asked, as the answers are already provided.

Along with the compromises mentioned above, there are additionalproblems which continue to escalate over the life cycle of a typicalapplication. These problems are mostly centered on a concept sometimesreferred to as “software drift.” Once a software application and itsdivision of functionality between packages is defined, it becomesfamiliar to the system administrators who install and maintain theapplication. If the division of functionality between packages changesin the future (i.e., it “drifts”) whether from the fixing of softwarebugs, functionality improvements or additions, etc., this may causedifficulty for the system administrators who were already familiar withthe previous delineation of packages. Hence, software drift can create agrowing conflict between the needs of the administrators and thepreferences of the software developers as versions of a softwareapplication incrementally change. For example, when a softwareapplication is originally created, the original definition of theindividual packages within the application likely involved a compromisebetween the functional interaction between the individual files thatmake up the package and something comprehendible by systemadministrators. However, as software versions increase, it is likelythat the delineation between the packages will change which in turnincreases the complexity of the installation as well as the potentialfor various installation errors.

To address these problems, packaging formats for software arecontinually evolving. However, each change tends to represent minor orincremental improvements over the prior approach that only address theresults of the inherent problems rather than the inherent problems ofsoftware packaging. Much of the hesitation to change how software ispackaged is due to the unwillingness of software vendors to change theway software development projects are designed. A software applicationis a self-contained entity that can be delivered on a CD/DVD-Rom. Rarelywould this application have any relationships to any other softwareapplication. This is one of the major problems with the current methodfor software packaging. All of the decisions and software dependenciesare made at the time of the software creation. Hence, the developers areaware of the various computing system configurations and generallyattempt to account for them, but they know little about the uniquenessof the particular computing systems the software is installed on.

There are a number of software packaging formats in use today, many ofwhich date back to the 1980s when the current problems of softwarepackaging originated. FIG. 1 is a block diagram illustrating the generalcomponents in a conventional computer software package. There are fivemajor components to a basic software application 100. The core softwareinventory 110 is the main component that contains the actual files ofthe software application 100. These files are organized into packages.The core software inventory 110 is the eventual compilation of bits tobe installed onto a computing system. One or more of these files areoften stored in a compressed format.

Functional relationships with other packages 120 are the second majorcomponent of a basic software application 100. A functional relationshipis a requirement, by the software to be installed, that something elsemust exist before installation of the software application to runproperly. For example, a functional relationship may require that anadditional software application or service be installed before the newsoftware application can be installed. In order to install Apache 5.5,for example, TCP/IP services should be installed on the system. In otherexamples, a functional relationship may require that certain services beinstalled concurrently with the software to be installed, or thatcertain software or services not be present on the computing system dueto incompatibilities between certain software applications and services.

Finally, in yet another example, a functional relationship may requirethat one or more software applications or services be de-installedbefore installation of the new software because the new software mayreplace one or more packages.

The package manifest 130 is the third component in the basic softwarepackage 100. The package manifest 130 involves a list of all of thefiles with the packages that make up the basic software application 100.Thus, the manifest lists all of the files in the core software inventory110. The manifest is often used for validation purposes in order toconfirm that each and every file required for installation is accountedfor within the software inventory core.

A pre-installation script 140 is the next component in the basicsoftware package 100. This script describes what needs to be validatedprior to the installation of a software application. Generally speaking,a script is a software file that sequentially lists steps that are to beexecuted. For example, a script may list steps for creating a newdirectory, moving files into it from another location, validating thesize of the files as being within a threshold range and sending an emailif the files are outside the threshold range. There are numerousscripting languages that exist for writing scripts, such as: perl,python, tcl, etc. As mentioned above, there can often be numerousdependencies that exist between the software to be installed and othersoftware or services that may be needed, etc. Other validationrequirements may be included in a pre-installation script 140 aside fromdependencies. For example, the pre-installation script may look todetermine if there is enough disk space to install the softwareapplication. Another example is whether there is enough memory availableto run the application effectively. Further, the pre-installationscripts may also serve the purpose of asking a system administratorquestions regarding the installation. Examples of such questions werediscussed above.

A post-installation script 150 is the final component in the basicsoftware package 100. Similar to the pre-installation script mentionedabove, the post-installation script 150 describes what needs to beperformed after installation of the software application 100 has beencompleted. An example of such a script entry may be that the computingsystem needs to be rebooted in order for new startup processes to beloaded or old ones to be deleted. In another embodiment, thepost-installation script 150 may require de-fragmentation of the harddrive, depending on the nature of the installation and where the filesare store on the hard drive.

FIG. 2 is a block diagram that illustrates the functional relationshipsbetween the packages that comprise Software Application A. Softwareapplication A (200) comprises packages 1-5 (210-250). Each packageencapsulates a group of one or more functions required to install theapplication. Coming out of each package are a number of straight linesconnected to other packages. These lines 205 illustrate the functionalrelationships that exist between packages. For example, package 1 (210)has an interrelationship with packages 2 (220), 3 (230) and 5 (250).Hence, it is not possible to install package 1 (210) without theinclusion of packages 2, 3 and 5 as each of these packages interrelateto one another. For example, package 1 may provide the function ofaccounts receivable within an accounting software application. Sinceaccounts payable (e.g., package 2 (220)) is an essential part of thesoftware application, it would not be possible to install package 1without also installing package 2. Further, package 2 (220) also has afunctional relationship 205 to other packages. Packages 3, 4 and 5 (230,240 and 250) also have functional relationships 205 to other packages.In this example, there are only five packages, which are quitemanageable for a system administrator. However, if those five packagesare extracted down to the granular level (not shown for simplicity),there may be thousands of files with thousands of functionalrelationships between the files. A typical system administrator would begreatly challenged to comprehend the hierarchy and functionalrelationships of so many files.

Much of the recent development of software packaging has focused onimprovements in three core components of the basic software package,namely functional relationships on external application,pre-installation and post-installation scripts. Software vendors areputting forth much effort on making improvements to the pre-installationand post-installation scripts and their descriptions. One of theoriginal challenges to software vendors was that these scripts were notwell validated and could not adjust to specific installation needs. Oneattempt at addressing this challenge is by writing scripts with metalanguages, such as XML. This may allow for a more syntactical runtimeverification of these scripts. An example of such XML-based installscripts is the Debian packaging format used by many recent versions ofthe Linux™ operating system.

Management and validation of functional relationships is the other corecomponent where much effort is being placed on improvements to the basicsoftware application. The generation of functional relationships arehuman defined. This means that software developers have to determinewhich functional relationships are required before installation of asoftware application. As such, the creation of functional relationshipwithin software is prone to human errors since they are artificiallycreated during development and do not necessarily correspond to theunique functional relationships that may occur during installation. Inother words, conventional functional relationship creation occurs at apoint in time before the installation of a software application. Hence,these functional relationship are generic in that they exist for allcomputing system configurations without any ability to change dependingon the uniqueness of each computing system environment. Another problemthat can exist from the human declaration of functional relationshipsare circular relationships between individual software files that cannotbe resolved because the relationships are created based on artificialconstraints. A circular relationship occurs when two software files orfunctional blocks of software code are both declared to relate to eachother. As a solution, developers are creating automated validators thathelp define functional relationships. Such validators can then be usedvalidate the functional relationships in a software package.

As described above, there are inherent problems with the way thatsoftware is conventionally packaged and installed on computing systemstoday.

SUMMARY

Aspects of the present invention provide a novel approach to packagingand installing software. In order to streamline the softwareinstallation process, system administrators should be provided theopportunity to install the minimal components and features they need.With conventional packaging techniques, this ability is strained.Conventionally, software applications are divided into distinct packagesof functionality. Each package usually includes more functionality thanis needed for a custom installation. However, there is limited abilityto pick and choose the functions desired. As a result, installedsoftware applications often include more functionality than desired. Assuch, additional disk space and other finite computing resources arewasted. Further, system administrators often resort to manual deletionof unneeded functionality which can further reduce the stability oftheir systems. Other problems with conventional software packaging andinstallation techniques result in many failed installations.Installations may fail in a number of ways as described in Section II.Implementations conforming to aspects of the present invention or thoseset forth in the related applications succeed in reducing the number ofsoftware installation errors by learning from the mistakes of previouslyfailed attempts and customizing installation routines to circumvent suchfailures. Various implementations of the present invention may alsorecognize that the way to address these problems is not to incrementallyimprove the existing approaches to software packaging where dependenciesare created during the development cycle. Instead, aspects of thepresent invention revolve around delaying the time for dependencycreation to the time of each individual install.

These and other aspects of implementations of the present invention areset forth in greater detail below.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 (prior art) is a block diagram illustrating the generalcomponents in a conventional computer software package;

FIG. 2 (prior art) is a block diagram that illustrates the functionalrelationships between a set of packages for an example softwareapplication A;

FIG. 3 is a flow diagram illustrating a method for installing anapplication involving the operation of unpacking a software application,generating a file-level dependency map, and using the map to install anapplication;

FIG. 4 is a block diagram depicting one example of a client-serverarrangement that may be used in some implementations set forth herein,the arrangement involving a dependency map hosted at a server-sideconfiguration and available to client-side system administrators wheninstalling software;

FIG. 5 is a flow diagram of aspects of a particular method of performinga software installation;

FIG. 6 is a block diagram illustrating a portion of a softwaredependency map;

FIG. 7 is a block diagram illustrating dependency map generator modulesthat are involved in building and/or refreshing a software dependencymap;

FIG. 8 is a flow diagram illustrating aspects of one particular methodof generating a dependency map;

FIG. 9 is a flow diagram illustrating one particular method ofgenerating a dependency map;

FIG. 10 is a block diagram illustrating an OS specific module as well asadditional modules involved in resolving dependencies between softwareelements;

FIG. 11 is a block diagram illustrating an example of a dependency mapwith a software boundary overlay;

FIG. 12 is a flow diagram illustrating aspects of one particular methodof creating a software boundary overlay in a dependency map;

FIG. 13 is a block diagram illustrating components involved independency route calculation;

FIG. 14 is a flow diagram illustrating aspects of a method of generatinga dependency route for installing, updating, or otherwise modifying anapplication or “installation” on a target computer or computers;

FIG. 15 is a block diagram illustrating an example of a dependency routeoverlay;

FIG. 16 is a flow diagram illustrating aspects of a method of generatinga rapid dependency route for installing, updating, or otherwisemodifying an application on a target computer or computers;

FIG. 17 is a flow diagram illustrating aspects of a method forperforming a pre-installation verification of a dependency route;

FIG. 18 is a block diagram illustrating another embodiment of adependency route calculator that includes modules that collect and usesuccessful and unsuccessful installations to optimize futureinstallations, amongst other functions;

FIG. 19 is a method for updating a dependency graph to account forsoftware elements that may no longer be useful in installations;

FIG. 20 is a block diagram illustrating a software management agent on atarget computer that tracks and analyzes information about run-timefailures and performance statistics of successfully installed routes andcommunicates the information to component modules in dependency mapgeneration to optimize installation route information;

FIG. 21 is a flow diagram illustrating a method for performing asoftware installation simulation;

FIG. 22 is a flow diagram illustrating aspects of a method forvalidating an installation using a installation validation thread;

FIG. 23 is a flow diagram illustrating aspects of a method forperforming a system rollback; and

FIGS. 24A and 24B is a flow diagram illustrating aspects of a method forduplicating software across multiple servers.

DETAILED DESCRIPTION

This detailed description of various implementations of the inventionclaimed in this or the related applications is subdivided into six majorsections: section I (“Introduction”); section II (“Removing the Need forSoftware Packaging”); section III (“Software Dependency Maps”); sectionIV (“Software Dependency Routes”); section V (“Enriching the DependencyMap by Monitoring Software Installations and Performance”); and, sectionVI (“Software Installation Simulation and Intelligent SoftwareDe-installation”). The first section provides an introduction and adescription of some of the overarching concepts of a dependency map andrelated implementations set forth herein. A dependency map involves acollection of software elements, which each include a reference to sometype of software file, and the dependency relationship between thesoftware elements. The dependency map provides the vehicle by which asoftware application may be installed at some target computer. Finally,the introduction provides a description of a service provider thatgenerates and hosts a software dependency map for use by a client forinstallation.

The second section provides a detailed description of a method forinstalling software that begins at the file level rather than thepackage level. If individual software files are removed from theconstraints of conventional packages and related at a more granularlevel, the inherent problems caused by packages may be alleviated. Inaddition, section II discusses how to install and manage software fromthe file level as well as the dependencies that exist down at a granularlevel. Absent features of various implementations set forth herein, sucha granular level could make a system administrator's ability to graspthe additional number of pieces and their dependencies exceedinglydifficult. For example, with the traditional approach to softwarepackages, a software application may comprise 57 interrelated functionalpackages. This number of packages and their relationships are typical ofa conventional software application. Functional relationships at thepackage level are readily ascertained and managed by a systemadministrator. However, aspects of the present invention define asoftware application at the individual file level with perhaps thousandsof files, making it potentially more difficult for a systemadministrator to ascertain all of the file level interaction and managethe same. To remedy such a potential problem, aspects of the presentinvention involve a method of using a dependency map to determine whichsoftware files are needed to install a software application. Lastly,section two sets forth methods for managing pre-installation andpost-installation conditions by adding such pre-installation andpost-installation conditions as attributes to individual software filesin a dependency map.

The third section provides additional details of software dependencymaps and various possible particular implementations. Thus, the thirdsection builds on the dependency map descriptions set forth in theintroduction. All software files depend upon or are dependent on one ormore other software files. A dependency map, in one particularconfiguration, is a memory resident dynamic model of the relationshipsbetween each software file of a given software application and otherapplications, while also accounting for the operating systems in whichthey reside. Over time, a given dependency map may grow in size assoftware applications or features thereof are added to the map, or mayshrink when applications or features thereof are removed. The dependencymap may also include a weighting system that reflects a confidencefactor between software element dependencies. For example, if softwarefile A is known to depend upon the presence of software file B, aconfidence factor may be built into this dependency. The factor mayexist in the form of a percentage of installations that have beensuccessful based on this dependency as related to the total attempts.So, if 85 out of 100 attempts at installing a software application usingthe dependency between A and B, were successful, that dependency mayhave a confidence factor of 85%.

The third section also discusses various aspects of a client agent thatinteracts with a remotely hosted dependency map at various level. Forexample, in one implementation a dependency map is hosted by a remoteservice provider and a local computer hosts a client agent capable ofcommunication with the service provider's map. Installing a softwareapplication on a client computer involves the client agent requestingthe map at the service provider. The intellectual property contained ina software dependency map is often a trade secret and is keptconfidential by its owners. Further, the amount of data contained insuch a map could be enormous. In result, hosting the entirety of the mapon each individual computer while possible, may be undesirable. Hence,aspects of the present invention involve placing a client-based softwareagent on each computer that is capable of accessing and querying onlyrelevant portions of the remotely hosted dependency map to install aparticular software application.

The fourth section provides a detailed description of the dependencyroute portion of the dependency map. A dependency route involves a list(or “path” in the context of a map) of software files needed to installa software application. Almost all software applications may beinstalled in different ways. For example, the same software applicationmay be installed to achieve the fastest run time, the highestreliability, the highest security, etc. Each configuration will mostlikely change the software files required for installation. Hence, adependency route involves a pathway in the map, between every fileneeded to install a software application under the conditions chosen bya user. As software file dependencies have confidence factors, so doindividual dependency routes. For example, if 79 out of 100installations used a specific dependency route for installingapplication A on operating system B, the confidence factor for thatroute would be 79%. Whereas a different dependency route that installsthe same software on the same operating system may be successful 150 outof 172 attempts, resulting in a higher confidence factor of 87%. Thereare likely to be multiple possible routes through the map for anyparticular software installation configuration.

The fifth section provides a detailed description of methods formonitoring software installations based on a given dependency route aswell as methods for analyzing software performance of a giveninstallation. Client-side monitoring agents may be used on each computerto monitor the performance of a given dependency route. Such performancedata may be uploaded to the central service provider that hosts thedependency map. Over time, the service provider for the dependency mapcollects performance data for each application using differentdependency routes. Such data may be implemented into the dependency mapas a means of further adding to confidence weightings of particulardependency routes.

The sixth section provides a detailed description of methods forsimulating a software installation based on a given dependency routewithout actually installing the software. Such a simulation can forecastthe ramifications of an installation on a computer by provisioning avirtual operating system and the list of currently installed software onthe computer. By using such a simulation, potential installation time orrun time errors can be flagged before the actual installation isperformed. Section six also discusses the use of intelligent backup ofan installation. By knowing the steps and ordering of a route taken toinstall an application, the same application can be backed-out along thesame route. Through use of the dependency map and the dependency routeused, an installation can be removed by knowing the list and ordering ofsoftware files that need to be removed. In contrast, conventionde-installation techniques are converging in that they move forward intime trying to merge back to a state that resembles the previouslystored state.

In summary, sections one through six teach various methods for replacingthe conventional software application packaging approach by removing thefunctional packages from each application. Individual files thatcomprise software packages are extracted and placed into a dependencymap. Dependencies between each file, or software elements, are furtheradded into the dependency map. Customized dependency routes are furtheradded into the dependency map, allowing for true installation-timecustomization of software applications. Lastly, methods are set forthfor simulating software installations, measuring and increasingperformance of installed applications, and intelligent softwarede-installation routines. There are other inventive features set forthin further detail below.

I. Introduction

One feature that various implementations set forth herein build upon orleverage in some way is the dependency map. A dependency map, also attimes referred to herein as an “installation map”, involves a set ofsoftware elements and dependency relationships between the softwareelements. Each software element is extracted from some particularsoftware application that may be installed on a computer. To achievethis, a conventional software package is “unpacked” to extract thevarious files that make-up the various packages of a softwareapplication. The various files are added to a dependency map, and formone attribute of a software element. The files or the software elementsare analyzed to determine their dependency relationships with othersoftware elements, and these dependency relationships are further addedto the map. From the map, dependency or “installation” routes may bederived. A dependency route involves a list of software elementscorresponding to a particular installation, which routes are leveragedto facilitate installation of a software application on a targetcomputer. FIG. 3 is a flow diagram, discussed throughout this section,illustrating a method for installing an application, the operationsinvolving unpacking a software application, generating a file-leveldependency map, and using the map to install an application.

In one particular embodiment set forth herein, a method and variousrelated features are described in the context of a service providermodel where the service provider generates and hosts the dependency mapand is involved in updating, etc. In such a context, installations areperformed at client devices. However, a service provider model is simplyone possible arrangement for deploying and using a dependency map. Suchadditional systems are further described throughout this application. Asalluded to above, one inventive concept set forth herein involves thetransformation of software from high-level packages to low-levelindividual files for the purpose of installation amongst others. In theservice provider context, the service provider transforms the software(e.g., unpacking the software packages and defining a dependency mapsetting forth the file-level dependencies both within the softwareapplication and to external software application), hosts the dependencymap, and provides knowledge to end-users on how best to install softwarehosted with the model, amongst other functions.

In one possible arrangement, a dependency map hosted and generated by aservice provider is available as a fee-based service. Such a fee couldbe based on a per-request basis, annual maintenance fee basis withunlimited installation requests, or other fee arrangements.

In a service provider configuration, the service provider provides theinfrastructure (e.g., servers, storage, functional modules, etc.) togenerate and hosts the software dependency map. The generation andmanagement of the dependency map is further described in Sections II andIII and other places throughout this document. In one fundamentalrespect, a dependency map is a logical collection of each individualfile from one or more software applications added to the map and adependency relationship between the files. The server-side computingcomponents include modules (as described with respect to FIGS. 7, 10 andothers) that are configured to disassemble a software application'spackages into their individual files and represent each file in the mapas software elements (operation 300, FIG. 3). In one embodiment, asoftware element is a representation of an individual file that is partof a software application. Further, a software element stores aplurality of attributes to describe each file represented by theelement. One attribute is a pointer (such as a network address, attachedmemory address, database pointer, etc) to the physical location of therepresented file. Additional attributes represent dependencyrelationships, confidence factors, timestamps, versioning, etc which arediscussed through out this application.

As will be further described below in Section III, each software elementin the map has at least one dependency relationship with anothersoftware element. Generally speaking, a dependency relationshipindicates that the file represented by the software element is dependedupon or depends upon at least one other file represented by anothersoftware element. The reason for dependencies between software elementsis to allow a collection of individual software elements to worktogether to form a functional software application. For example, aspecific software element may be an executable file that is dependentupon execution parameters stored in a library file that is shared byadditional software elements. If the executable file did not have adependency on the shared library file, the executable file would beunable to run successfully. In order to resolve the dependencies betweeneach software element in the dependency map, additional modules coupledto the dependency map, are configured to resolve and represent thesedependencies within the map (operation 310, FIG. 3). These processes arefurther described with respect to FIG. 9 and elsewhere. Operations 300and 310 of FIG. 3 are repeated for each software application hosted bythe dependency map. As a result, the dependency map may represent aplurality of software applications that are each represented at the filelevel by individual software elements, along with the dependencies thatexist between each element. It is possible that a dependency map mayinclude millions of software elements and dependencies. FIG. 11illustrates a graphical example of a dependency map.

In one particular embodiment, the infrastructure and contents of asoftware dependency map are organized and stored in a scalable database(e.g., relational, object-oriented, etc.). Such a database containsmultiple tables with each one representing software elements and theirattributes, dependencies, and their attributes, between elements,software boundary overlays, dependency route overlays and theirattributes, route calculation overlays and their attributes and othercomponents configured to create the infrastructure of a softwaredependency map. As described below, the actual software filesrepresented by software elements may be stored in a second database. Thesoftware elements maintain a pointer to the physical database locationof the files they represent. As such, the database providing theinfrastructure of the software dependency map may communicate with thedatabase storing the actual software files represented by the dependencymap.

Once a dependency map is created, specific dependency routes may beimplemented throughout the map. A dependency route is a collection ofsoftware elements having dependencies with at least one other softwareelement, wherein the elements each represent an individual file formingpart of a software application that will be installed on a targetcomputer or computers based on specific requirements and configurationparameters. The route may be considered a pathway through the dependencymap between a first collection of software elements that are related toa current state of the software resident on the target computer to asecond collection of software elements that will allow the addition of anew software application, upgrade or reconfiguration of a currentsoftware application. FIG. 15 provides a graphical example of adependency route running through an example dependency map. Thedependency map is coupled to a route manager (as shown in FIG. 13) thatis configured to analyze the software elements that comprise a softwareapplication and generate specific software dependency routes that may beused to install the application on a client machine (operation 320, FIG.3). Once a client communicates their installation requests to theservice provider or whatever computing system is provided to host thedependency map, the route manager determines one or more dependencyroutes that may accomplish the specific needs of the client. Thedependency routes are then transmitted to the client for installation(operation 330).

Once a client has decided on their installation needs, they have manyoptions on how to proceed. First, they may install the software based onone of the dependency routes provided by the dependency map. Secondly,the client may run a simulation (as described in Section VI) of thechosen dependency route to determine if the route would result in asuccessful installation. Based on the success of the simulation, theclient may chose to install the route or request an alternate route fromthe dependency map. Lastly, the client may take a snapshot of theircurrent system. A snapshot is a detailed description of the currentsoftware inventory and system configuration of a computing system.Multiple snapshots may be taken that represent the current state of thecomputing system at differing periods of time. If errors occur duringthe installation, the client may request to uninstall or back-out theinstallation (as described in Section VI) in order to place the clientmachine in the same position before the installation commenced (i.e., atthe snapshot). This approach differs from conventional back-out methodsthat move forward to place the machine in the previous configuration.Whereas, the inventive approach moves backwards in order to place themachine in its previous configuration, resulting in a substantiallyidentical mirror of the machine's previous state.

Lastly, client machines are capable of communicating the success orfailure of installations back to the service provider (operation 340).Such information may be used to implement a weighting system on theconfidence of dependency routes and individual dependencies betweensoftware elements.

II. Removing the Need for Software Packaging

A purpose for combining a software application into packages is to allowsystem administrators to grasp the interrelationships between eachfunctional package of the application. The smaller the number ofpackages, the easier it is to grasp their interrelationships. As statedabove, conventional software packages are not represented at thegranular level of individual files because a typical systemadministrator would find it exceedingly difficult to grasp the vastnumber of individual files and the complex dependencies that existbetween them. Hence, this is one of the reasons that conventionalsoftware is represented at a higher package level as previouslydescribed with respect to FIG. 2 and elsewhere, particularly in theBackground section.

File level dependency mapping set forth in accordance with aspects ofthe present invention is useful for custom installations, besides otheradvantages. In many software installations, not all files of a softwareapplication are required. However, based on the way conventionalsoftware is packaged, additional files are usually installed that willnot be needed by the current configuration. In most softwareinstallations, many of the individual files are part of the core of theapplication. These core files are required no matter what installationparameters or options are chosen. However, the remaining non-core filesin an application may be configuration-dependent in that they are onlyneeded under certain circumstances. For example, Apache 5.5 may have 50files devoted to a certain type of security feature that anadministrator may chose to forego. Another 20 files may be “help” filesthat describe how to run and conFIG. a web server. The decision toinstall these files should be optional. However, conventional softwarepackaging often makes optional file installation difficult. Further,knowledge of which files are needed for each of the above examples wouldbe difficult or impossible for an administrator to ascertain as theremay not be available information describing which files correspond towhich features.

Besides making custom installations difficult or impossible, as set outabove, conventional software packaging is also a cause of installationfailures. Aspects of the present invention thus involve a solution thatremoves the need for software packages, allowing it to be organized atthe granular file level, and also providing a way to facilitateinstallation from the root file level.

Once the artificial constraints created by software packages areremoved, focus can be placed on the individual software elementsrepresenting each file and their relationships with one another (i.e.dependencies). However, software element dependencies are often notabsolute. In other words, a dependency between element A and element Bmay not always need to exist. There are examples where such a dependencyis needed and others where it is not needed. For example, if anadministrator wishes to install a software package based on “the mostreliable version”, element A may not depend on element B. However, if anadministrator wishes to install the same software package based on “thelatest version”, element A may indeed depend on element B. Under thisexample, the dependency between element A and B is not absolute.

Another factor that affects whether a dependency exists are that certaindependencies can create “circular relationships” that should be resolved(i.e., redirecting or adding a dependency to another element to removethe circular relationship or provide a link to a software elementoutside the circle). If an absolute dependency exists within a “circularrelationship”, this can make resolution of such a relationshipdifficult. An absolute dependency is where A will always depend on B nomatter what the circumstance. An example of a circular relationshipswould be A depends on B which depends on C which depends on A. In thisexample, if the dependency between C and A is absolute (i.e., alwaysexists), there would be no way to resolve this circular relationshipsince C always depends on A and A depends on B which depends on C. Ifhowever, the absolute dependency between C and A were only necessary dueto a certain symbol that could also be met by D, than the circularrelationship could be resolved by redirecting C to depend on D insteadof A.

Yet another factor is that there are other parameters other than purepositive dependencies. There may be stated incompatibilities betweenelements and there may be replacement relationships where a new elementwith similar functionality might replace it. For example, in a specificsoftware application, package A may have a stated dependency on packagelibCORE. The software developer responsible for packaging this softwaremay have defined this dependency because package A contains anexecutable command called “ps”. In order to execute “ps”, the memchkcommand is needed. In this example, memchk is stored in the librarydefinitions of libC which is further a part of package libCORE. It maybe possible that memchk also exists in a different set of librarydefinitions called libgtk which is part of package GTKlibs. In this caseGTKlibs is a replacement dependency for package A, even though packagelibCORE also includes the same memchk element needed by “ps”. The reasona software developer chose a stated dependency on libCORE instead ofGTKlibs may be that GTKlibs is part of a different software applicationwhich may not be installed on the computer. However, if the softwareapplication that includes the GTKlibs package is present, the dependencyfrom package A may be changed from libCORE to GTKlibs, inimplementations conforming to aspects of the invention.

One particular implementation involves a server-side dependency map thatprovides software application information at the software element levelrather than the package level. FIG. 4 is a block diagram depicting oneexample of client-server architecture where the dependency map 400 ishosted by a database 410 in communication with a server-side computingarrangement (service provider 420) and available to client-sidecomputers 430 to install a software application.

In the example set out in FIG. 4, the one or more client computers 430would seek access to the service provider's dependency map 400 and theinstallation routes that may be derived therefrom. In one embodiment,client computers 430 communicate with the service provider 420 via theInternet 440. In another embodiment, client computers 430 maycommunicate with the service provider 420 via a local or enterprise-widenetwork (not shown). To facilitate communications between clients 430and the service provider 420, a client-side software installation agent450 may reside on each client computing system where softwareinstallations are desired. This software agent 450 is able tocommunicate with the service provider 420 to make installation requestsas well as receive installation instructions, besides other functions.Further, the software elements (or related files) needed to fulfill aninstallation request may be transmitted from the service provider 420 tothe client 430 over the Internet, local, enterprise-wide networks, orother removable storage media (e.g., the root level file may be recordedon optical disc, etc.)

The entity responsible for hosting a dependency map is not limited to aservice provider as previously mentioned. A dependency map host may comein many forms. However, in one embodiment, the map is hosted by a thirdparty service provider with no formal relationships with individualsoftware vendors. The third party hosts a dependency map that mayrepresent software from one or more software vendors. In anotherembodiment, the entity hosting the dependency map may be an actualsoftware vendor, such that the dependency map represents softwareapplications specific to the vendor. Further, the vendor-hosteddependency map may also represent software applications from othervendors. In another embodiment, the dependency map entity may be acompany that hosts a dependency map for the software applications usedin the company's enterprise-wide software environment. Such a dependencymap would likely include software from many different software vendors.

FIG. 5 is a flow diagram of aspects of a particular method of performinga software installation. Referring to FIGS. 4 and 5, when a systemadministrator responsible for maintaining a client computing systemwishes to install a software application with certain requirements, therequest is communicated to the software agent 450 installed on theclient computing system (operation 500). An example of an installationrequest may set out installation parameters: a) install Apache 5.5; b)use the securest version possible; c) run on Sun Microsystems™ Solaris™9.1 operating system. The software agent installed on the clientcommunicates the request to the service provider 420 (operation 510).

The software agent also communicates, either as part of the installationrequest or separately, the client's software manifest to the serviceprovider (operation 520). A client software manifest is a listing ofsome and likely all the software applications installed on the client aswell as the individual files that comprise each application. It is alsopossible to provide an arrangement where the software manifest istransmitted to the service provider whenever there is a software change,allowing the service provider to maintain a current client manifest.Further, the manifest may be maintained at the software agent 450, withthe service provider 420 accessing the manifest as part of theinstallation path determination (see discussion of operation 530 below).

With knowledge of the client manifest, the dependency map 400 isanalyzed to generate one or more installation paths commensurate withthe installation request (operation 530). The installation paths arethen communicated, to the software agent 450 (operation 540). Once eachinstallation path is received by the software agent 450, the systemadministrator may review each path and determine which installation pathto use or the system may be configured to automatically install the newsoftware using one of the paths (operation 550). Next, the selecteddependency route is communicated, via the software agent 450, back tothe service provider 420 (operation 560). Lastly, in an implementationwhere the service provider hosts the software files, the serviceprovider streams the files to the client based on the choseninstallation path (operation 570). It is also possible that the clientsystem will have the files needed for the software application residenton the files system. In such an arrangement, the software agent isconfigured to receive the dependency route and manage the installationof the file already resident on the client system. It is also possiblefor the software agent 450 to obtain files identified by theinstallation through various other possible mediums.

Two features of a conventional software package based installation thata dependency map driven installation may eliminate are pre-installationand post-installation scripts. As previously discussed with reference toFIG. 1, pre-installation scripts describe what needs to be validatedprior to the installation of a software application. Post-installationscripts, on the other hand, describe what needs to occur afterinstallation of the software application. When using conventionalpackage-based installation methods, the pre-installation andpost-installation scripts are separate entities from the pre-determinedgroup of packages. Yet, the scripts are generated at the time ofsoftware development, resulting in generic requirements withoutknowledge of the unique computing system configurations the softwarewill eventually be installed. In stark contrast, when performing aninstallation using a dependency map, the collection of required ofsoftware files is generated at the time of the installation as afunction of current computing system features, rendering pre-createdinstallation scripts unnecessary. Eliminating the necessity of pre- andpost-installation scripts also illuminates one advantage of certainconfigurations falling within aspects of the present invention. Namely,removing the constraints of the installation scripts, along with otherfeatures of various implementations set forth herein, facilitatesfile-level customized installation of a software application.

Aspects of the present invention may further involve integrating pre-and post-conditions or requirements of an installation into eachsoftware element as additional attributes. Conventional pre-installationand post-installation scripts are created for and bound to a specificconventional software package. Each script describes conditions orrequirements of both the entirety of a given package as well as thefiles in the package. As such, these scripts are package-centric (i.e.,they describe conditions for the entirety of the package.) To circumventthe problem with package-centric scripts, the pre- and post-conditionattributes of each software element are specific to each particularelement. Pre- and post-installation attributes are extracted from theoriginal installation scripts 140 and 150 as described with respect toFIG. 1. The service provider is able to analyze each condition from theoriginal installation scripts and create an attribute to a softwareelement any time the original script references the file represented bythe attribute. For example, if the original installation script statesthat file A has a stated dependency on file B, the service providerwould add this requirement, as an attribute, into the software elementrepresenting file A. Therefore, the software element representing filewould have an attribute stating that it is dependent upon element B.

The pre- and post-condition attributes of software elements may bedescribed as being compartmentalized as opposed to the conventionalpackage-centric scripts. For example, an attribute of software element Amay state a dependency on element B. This dependency is confined tosoftware element A, allowing the attribute to be element-centric.Whereas, conventional pre- and post-installation scripts have a one tomany relationship between all files in the package with nocompartmentalization. Hence, in a conventional packaging script, thedependency from A to B is always defined even if element A is not neededin the installation. Whereas, the dependency attribute of A is onlydeclared if A is included in the dependency route being installed. As aresult, only the pre- and post-conditions defined by elements in thedependency route are needed, as opposed to every condition being definedin the convention scripting approach.

After the service provider builds the list of all software elementsrequired for an installation, the pre- and post-conditions built intoeach software element can be summarized to create a type of hybridpre-installation and post-installation script containing a mere subsetof all the conditions from the original pre- and post-installationscripts. This technique differs from conventional installation scriptsthrough its ability for creation after the dependency route is defined.Hence, the scripts are customized specifically for the installation andthe current configuration existing on the client system. Such atechnique offers a flexible way of managing the pre- andpost-installation scripting as the implicit ordering of the softwareelements based on dependencies matches the exact order of executionrequired by the pre- and post-conditions built into each softwareelement.

III. Software Dependency Maps

As already discussed at some length, aspects of the present inventioninvolve the generation and use of a software dependency map with elementlevel dependencies, amongst other things, to facilitate the installationof new software. Further aspects of the present invention involve theremoval of software packaging from software installations, allowing forsoftware to be represented at the individual file or software elementlevel of granularity. The constantly changing nature and intricacies offile level dependencies makes manual monitoring and use in installationby a system administrator exceedingly difficult if not impossible.Hence, a service provider hosts the information needed (i.e., knowledgebase) to install and organize software at the element level. Asintroduced above, the collection of software elements and theirdependencies is referred to herein as a software dependency map. Thesize and arrangement of the map is a function of the number of softwareapplications mapped and the number of files and dependencies within eachmapped application. Accordingly, a dependency map may represent anynumber of operating systems and software applications encompassingliterally millions of individual software elements. Moreover, the map isconstantly changing as installation information arrives from softwareagents residing at various client locations as well as new softwareand/or operating systems are unpackaged and added to the map.

FIG. 6 is a block diagram illustrating a portion of a softwaredependency map. The lowest level of granularity in this map 600 is asoftware element (605, 610, 615, etc.). A software element is arepresentation of an individual file, such as a configuration file, anexecutable file or a library file. The software element includes one ormore attributes, one of which may be a pointer to the physical locationof the file it represents. In one embodiment, this attribute may pointto a memory address within a software warehouse (described further inSection IV). Every software element has some dependency on anotherelement; otherwise, the element would not be needed as nothing elsedepends on it being present. Accordingly, in another embodiment anadditional attribute of a software element is a dependency attributeidentifying dependencies associated with the software element. FIG. 6comprises a plurality of software elements each of which has at leastone dependency (illustrated by arrows 650) (e.g., between the blocks) onanother software element. Each software element, depicted by a block,represents a type of file. In this example, configuration files,executables files, shared library files and class files are shown.Within FIG. 6, shared library file 601 is dependent upon shared libraryfile 605, configuration file 610 depends upon shared library file 601,executable file 630 depends upon configuration file 610, and so on.

In an example from FIG. 6, class file 640 is dependent on shared libraryfile 601. The actual dependency may be that within class file 640,function “GetDependencyMap” may be called. The location of this functionexists in shared library file 601. Therefore, if class file 640 did nothave a dependency on shared library file 601, class file 640 would beunable to call function “GetDependencyMap”. In another example,executable file 630 depends upon configuration file 610. Configurationfile 610 may declare “TimeOutCounter” with a value of 50 milliseconds.During execution of executable file 630, the value of “TimeOutCounter”is used to determine how long to wait before ending execution if noresponse is received from another executable file. If configuration file610 were not present, executable file 630 would be unable to executeproperly since no value would be presented as to when to end execution.

FIG. 7 is a block diagram illustrating various dependency map generatormodules involved in building and/or refreshing a software dependency map400. In concurrence with FIG. 7, FIG. 8 is a flow diagram illustratingthe operations involved in converting a package-based softwareapplication into a collection of software elements and generating adependency map. The method of FIG. 8 is discussed with reference to thedependency map generator module of FIG. 7; however, other processingconfigurations may be implemented to perform the operations set out inFIG. 8.

Particularly referring to FIG. 7, a software collector 705 is configuredto collect software applications that will be unpacked and added to thedependency map 400 (operation 800). In one embodiment, the softwarecollector 705 interacts with sources of software 701, such as vendorwebsites or other software repositories. In another embodiment, thesoftware collector 705 may receive destinations for softwareapplications through the assistance of one or more software seekers 702.Generally speaking, a software seeker 702 is a module configured tosearch the Internet for software applications and additional informationuseful for downloading applications. In one configuration, a softwareseeker is instructed to locate a particular software application. Oncethe particular software application is located by the software seeker,the destination is relayed to the software collector 705. The softwareseeker may also include additional information on downloading thesoftware such as an FTP or http user name and password that may berequired to download the software. With the provided information fromthe software seeker 702, the software collector 705 downloads thesoftware application from the software source 701.

Once a software application has been retrieved by the software collector705, it is forwarded to an element unpacker 710. The element unpacker710 has two primary responsibilities. First, the element unpacker 710determines which operating system (hereafter “OS”) the application hasbeen written for. With the exception of interpretive languages, softwareapplications are written for a specific OS. Hence, the process ofextracting or unpacking software elements from an application involvesknowledge of which OS the application is written for. Secondly, theelement unpacker 710 unpacks the software application from the packagelevel to the file level. As previously described above, conventionalsoftware applications have one or more functional groupings or“collections” of files known as packages. Unpacking a software packageinvolves a process of extracting the individual files from each package.

Referring now to the OS determination, the element unpacker 710determines which OS the software is written for. This determination ismade through the assistance of an OS Detector 712 which analyzes thesoftware to determine which OS it has been written for (operation 810).In one embodiment, the OS detector 712 determines which OS the softwareis written for through the assistance of an OS lookup table 718. Thelookup table 718 lists the different types of software packaging formatsthat exist and cross-references each type to its appropriate OS classtype. The OS detector is able submit the type of software packagingformat to the lookup table and determine which OS class the packagingformat corresponds too. Next, the OS detector 712 uses the OS class typeto analyze one or more binaries of the software application to assesswhich architecture the binary is targeted for (e.g., x86, Sparc,PowerPC, etc). In many situations, this level of detection is sufficientto determine the OS of the software application. If further analysis isrequired, the OS detector 712 can implement additional tools to reviewthe package manifest of the software application to determine which OSthe software is targeted for. Once the correct OS has been determined,the element unpacker 710 may begin extracting the file from the softwareapplication's packages.

In order for the element unpacker 710 to extract the files from asoftware application, it also receives assistance from an OS specificmodule 725. An OS specific module 725 or plugin exists for each OS inwhich software is written for within the dependency map 400. Once the OSdetector 712 determines which OS the software application is writtenfor, the appropriate OS plugin 725 is called to assist the elementunpacker 710 with extracting the files from each package in the softwareapplication (operation 820). The element unpacker 710 uses unpackingcommands specific to the OS that the software is targeted for. Forexample, if the software application is targeted for UNIX, the elementunpacker 710 may use tar, or gzip to unpack the files from the package.If the application is targeted for Microsoft™ Windows™, the elementunpacker 710 may use unzip or rar to extract the files from the package.

Once all the files have been extracted, the element unpacker 710analyzes the software manifest and the installation scripts for thesoftware application to characterize each file by its file type (e.g.,executable file, configuration file, library file, etc.) (operation830). In one embodiment, a file type lookup table is used to map eachfile type suffix (e.g. exe, dll, etc.) to the file type that the suffixcorresponds too. For example, if a file has a “dll” suffix, the lookuptable would return shared library as its file type. In anotherembodiment, many operating systems provide commands to analyze a filefor its file type. For example, Solaris has a “file” OS command thatwill reveal the file type of a file.

Lastly, the files extracted from the packages are forwarded to a graphmanager 730. The graph manager 730 is responsible for creating asoftware element 745 and adding it to the dependency map 400 (operation840). As previously stated, a software element includes an attributethat has a pointer to the physical location of the file the elementrepresents. As software elements 745 are placed into the dependency map400, the graph manager 730 creates a pointer to the physical location ofthe file it represents (operation 850). As stated above, the pointer isstored as an attribute of each software element. In one embodiment, eachfile is stored in a software warehouse or database. Hence, the softwareelement's pointer would point to the location within the softwarewarehouse that hosts the actual file. Therefore, when the actual file isneeded, the pointer will direct the dependency map 400 to the locationof the physical file. Further, the graph manager 730 allows for eachsoftware element 745 to have additional attributes associated with it.The details of such attributes are discussed throughout thisapplication.

As software elements 745 are added to the dependency map 400, theirstatus is temporary in that the elements are inaccessible by othermodules of the service provider. It is not until dependencies 747 arecreated between these software elements 745, that their status ischanged to operational allowing the elements to become available fordependency routes. Once the software elements 745 have been created andplaced into the dependency map 400, a copy of each element 745 isrelayed to the dependency resolver 715 for analysis of the element'sdependencies 747. Through the assistance of the appropriate OS plugin725, the dependency resolver 715 launches an OS shell 727. An OS shellis a minimal instance of an OS which is able to perform a minimal set ofinstructions specific to the OS. The dependency resolver 715 is able toanalyze each software element 745 within the OS shell to determine thedependencies with other software elements 745. The process fordetermining each dependency will be further described below. Once eachdependency 747 is determined, the dependency resolver 715 passes thisinformation to the graph manager 730 to add to the dependency map 400.

FIG. 9 is a flow diagram illustrating the operations for identifyingdependencies between the software elements, and the new element placedin the map as described in FIG. 8. Upon completion of adding softwareelements to the dependency map and placing them in a temporary status,the analysis of dependencies 747 between each software element 745begins (operation 900). In many circumstances, each package in asoftware application will already include a number of declareddependencies. These declared dependencies are often located in item 120from FIG. 1. Based on this knowledge, many of the dependencies betweenindividual files can be extracted from the package and represented inthe dependency map 400 (operation 910). In one embodiment, the specificOS the software is targeted for includes packaging tools that may beutilized to extract the dependencies between software elements. Next,the shared libraries from within the software application are analyzedto ascertain inter-library dependencies (operation 920). Each sharedlibrary often defines dependencies to other shared libraries. Uponidentification of a shared library, these dependencies are representedin the dependency map 400. After shared libraries are analyzed fordefined dependencies, configuration files are analyzed to identifydeclared dependencies. Configuration files within a software applicationmay also declare dependencies between files are identified andrepresented in the dependency map 400 (operation 930). Next, all theexecutable files from within a software application are analyzed toidentify dependencies (operation 940). Typically, each executable filecontains a symbol table. Analysis of these symbol tables may identifydependencies that exist between the executable file and other file typeswithin the software application (operation 950). An OS typically hascommands that are able to analyze executable symbol tables. For example,UNIX uses a command called “nm” to analyze symbol tables. Finally,simulated execution of executable files is possible. Upon execution ofan executable file, the initial execution cycles are analyzed to assesswhat files are loaded or referenced during execution (operation 960).Any files that are loaded or referenced during the initial executioncycles are identified as dependencies on the executable file. Thesedependencies can then be represented in the dependency map. Recursiveuse of some or all operations 940-960 may continue (operation 970) untilall the executable files have been analyzed. Once all the executablefiles have been analyzed, the dependency analysis is complete (operation980) and the newly added software elements are changed to an operationalstatus.

FIG. 10 is a block diagram that illustrates an OS specific module aswell as additional modules used to resolve dependencies between softwareelements recently added to the dependency map. As stated above inregards to FIG. 7, the dependency resolver 715 identifies thedependencies for each software element. In order to accomplish this, thedependency resolver 715 is expected to know which OS each file,represented by a software element, is written for. In one embodiment,the OS detector module 712 described in FIGS. 7 and 8 is incommunication with the dependency resolver 715. The OS detector 712analyzes a file and determines which OS it is written for and passesthis information to the dependency resolver 715. One or more OS specificmodules (also referred to as “plugins”) are coupled to the dependencyresolver 715 with each plugin representing a different OS. Through theassistance of the appropriate OS plugin 725, the dependency resolver 715launches an OS shell 727. As stated above in regards to FIGS. 7 and 8,an OS shell is a minimal instance of an OS which is able to perform aminimal set of instructions specific to the OS. The dependency resolver715 is able place each file in the OS shell 727 and analyze the file toidentify its dependencies.

In one embodiment, the dependency resolver is able to identify thedependencies of a file through the assistance of the appropriate OSplugin 725. Each OS plugin has a plurality of individual sub-modules1010-1030. The OS specific package dependency analyzer module 1010performs the functions described above in regards to operation 900 fromFIG. 9. Whereas, sub-modules 1020-1030 are responsible for analyzingeach type of software file. Therefore, depending on what type of file isplaced into the OS shell, one of these sub-modules are called toidentify the dependencies. For example, if the received software elementis a shared library, the OS specific dynamic library dependency analysismodule 1020 is called by the OS plugin 725. This sub-module analyzes theshared library file and determines what dependencies exist between theshared library file and any other files. This is accomplished bychecking each line of code within the shared library file to identifycode that declares a dependency. If the software element being receivedis a configuration file, an OS specific configuration file detectionmodule 1025 is called by the OS plugin 725. This sub-module analyzes theconfiguration file line by line to identify code that declares adependency. If the received software element is an executable file, twoseparate sub-modules are accessed. First, an OS specific symbol analyzermodule 1015 is called by the OS plugin 725. This sub-module accesses thesymbol table of the executable file and checks each line of code toidentify code that declares any dependencies. Next, an OS specificruntime executable management module 1030 is called by the OS plugin725. This sub-module actually launches an OS virtual container 1040.

A virtual OS container is a virtualized instance of an OS running with aminimal set of functionality sufficient to execute an executable binaryfile and analyze its run-time path. In one embodiment, multiple virtualoperating systems may run on a single hardware platform. Once thevirtual OS container 1040 is launched, sub-module 1030 places theexecutable 1045 into the OS container 1040 along with any knowndependencies of the executable. The executable 1045 is executed with theruntime execution being monitored to assess for any missingconfiguration files that are needed by the executable. These additionalconfiguration files are then declared as dependencies to the executable.Any additional dependencies that were declared in the runtime executionpath are then returned to the OS specific runtime executable managementmodule 1030.

The previous section discussed the ability to identify dependencies fromexecutable files using sub-modules with each OS specific module. Thisapproach works effectively when identification of the dependenciesoccurs for software elements that are part of a software application.However, this approach is less effective when trying to identifydependencies in an actual operating system. In the core files comprisingan OS, the dependencies are so tight, that dependency identificationshould be fully analyzed as an entirety of the files and notsequentially. In order to accomplish such analysis of an entire OS, afull version of the OS is loaded (also known as “provisioned”) and itsfile-level dependencies are validated.

The complete system dependency validation is an asynchronous scheduledact from the actual dependency discovery. Complete system dependencyvalidation does not define dependencies (which is accomplished by thedependency resolver) but rather validates the identified dependencies.Dependencies may nonetheless be redefined during the validationprocedure, such as when an invalid dependency is identified. One methodfor validating dependencies is through the use of a processes referredto as Bare Metal Provisioning. In this process, the complete OS definedin the dependency map is collected into an optical disc image(hereinafter “ISO”) format and provisioned onto dedicated hardware thatthe OS architecture is targeted for. For example, in analyzing thedependencies of Solaris 9.1, the entirety of the OS may be provisionedon a Sun Mircosystems Sparc™ Station. Once provisioning is complete, aset of system tests are performed that have been prebuilt as part of theOS. These tests, common to a particular OS, may be run to exercise thebasic input/output system of the OS to ensure it is working withinexpected parameters. In order to include these tests in the Bare MetalProvision, the files needed to execute these tests are included.

A first test includes file system checking such as reading and writingfiles to the OS This in turn exercises the kernel of the OS since basicI/O processing is written as part of the kernel. A second test includessystem error log scraping to ensure that the running OS is operatingwithin normal parameters. In one embodiment, this is performed by a logwatcher. Since operating systems classify errors in their system logsbased on severity, the log watcher looks for errors with a severitygreatest than a predetermined threshold severity level. If an error isflagged with a severity above the threshold, the error is captured forfurther analysis.

A third test includes deployment of a common software application (e.g.,a web server) to see if the operating system runs the application withinthe specified parameters. Each deployed application and test environmentmay have its own testing parameters and expected results. However, thegeneral approach is to verify that the deployed software applicationruns successfully (i.e., all dependencies are in place and accountedfor.) For example, if the deployed application were a web server, thetest would verify that the core web server daemon is running and thatany errors returned by application specific error logs are below athreshold severity level. Upon successful completion of the system testsdescribed above, the OS as a whole is given a first level assertion ofcorrectness for the dependencies through the OS.

In one embodiment, the dependency resolver analyzes the software filesextracted from a package to identify the dependencies between each file.As previously stated, dependencies are not necessarily absolute.Installing a software application “with the most stable version” mayrequire element A be dependent on element B. Whereas installing the samesoftware “with the newest version” may show that element A is notdependent on element B. Hence, in this example the dependency betweenelement A and B is not absolute, bur rather installation specific. Inanother example, a dependency may be declared within the conventionalpackage of the software application itself, yet not found to exist bythe dependency resolver. To handle this situation, a confidence factoror weighting is placed on the dependency such that the dependency stillexists, but may likely have a low confidence factor attached to it. Thisconfidence factor becomes an attribute of the dependency.

A confidence factor attached to a dependency can increase each time thedependency resolver reanalyzes that the dependency is in fact real. Onthe opposite end, the confidence factor can decrease if the dependencyresolver reanalyzes the dependency and finds that it is not required orif an additional software element was preferred. This allows thedependency map to reflect the confidence based on computational analysisof the independent software element. The output is a complex softwaremap that reflects the true dependencies and relative confidence of thedependencies for the software applications that are being mapped.

Another aspect of the present invention involves dependency mapoverlays. In one particular implementation, there are three types ofoverlays placed on the dependency map: software boundary overlays,dependency route overlays and route calculation overlays. The first typeof overlay is described in the next paragraph, wherein the last twotypes of overlays are described in Section IV. Generally speaking, anoverlay is a subset of software elements and their dependencies that areoverlaid on top of the primary dependency map, where the subset ofsoftware elements have some overarching feature in common, such asoriginating from a common software application or belonging to a commondependency route.

The first type of dependency map overlay is a software boundary overlay,which is a virtual boundary placed around a collection of softwareelements that make up the entirety of a software application and groupsthem into a form understandable by a human. One embodiment for creatinga software boundary overlay is performed by analyzing the packagemanifest 130 of the software application to identify a list of files forthe application. Then each software element (from the dependency map)that represents the files from the manifest are collected together tocreate the boundary overlay. Other elements with dependencies, notnecessarily identified in the manifest may also be included. In oneembodiment, the software elements that make up a software boundaryoverlay may change over time if additional software elements are addedor removed from the application. Such an approach is a replacement forconvention software packaging where one or more packages comprise thepieces for a software application. It is possible for a softwareboundary overlay to include software elements that are not all relatedthrough dependencies, but instead are collected together to form a humanunderstandable software application. An example of a software boundaryoverlay would be an application such as Apache 5.5.

FIG. 11 is a diagram illustrating an example of a dependency map with asoftware boundary overlay. FIG. 11 shows a plurality of softwareelements 1120 that comprise an example of a dependency map 1100. Thebounds of the dependency map 1100 are shown by the dashed linesurrounding the software elements 1120. Each software element 1120 hasat least one dependency 1130 upon another software element 1120. Thedependencies 1130 are shown as straight lines that connect two softwareelements 1120. In this embodiment, there are no software elements 1120within confines of the boundary 1110 that depend upon a software element1120 outside the boundary 1110. This example illustrates a singlesoftware boundary overlay 1110. However, a dependency map 1100 maycomprise a plurality of software boundary overlays, each representingdifferent possible overlays.

FIG. 12 is a flow diagram illustrating various operations involved increating a software boundary overlay in a dependency map. In oneparticular implementation, to begin creating a software boundaryoverlay, the package manifests 130 of the software application areanalyzed and each software element is extracted from its package andplaced onto the dependency map (operation 1200). The methods used forthese processes are described above with respect to FIG. 8. Once all thesoftware elements are placed into the dependency map, the dependenciesbetween all of the software elements are determined and placed onto thedependency map (operation 1210). The methods used for these processesare described above with respect to FIG. 9 and otherwise. Next, aboundary is drawn around all of the software elements derived from theunpacking of the software application (operation 1220). This creates theinitial bounds of the software application. The software elements andtheir dependencies are then analyzed by the graph manager 730 toidentify dangling references (operation 1230). In one embodiment, adangling reference is a reference that is outside the scope of asoftware boundary or of a dependency that is not yet defined if thecorresponding element is not loaded into the dependency graph. Forexample, if a software element within the bounds of the softwareboundary overlay shows a dependency on a software element outside thebounds of the overlay, this would be a dangling reference. If a danglingreference is found such that the software element referenced is outsidethe bounds of the boundary, the boundary is increased to encompass thenew software element (operation 1240). Moreover, attributes of thesoftware element are updated to identify the newly added dependency.Hence, the software boundary overlay is increased in size to includethis new software element. This process continues until each danglingreference is resolved. Hence, a software boundary overlay will continueto expand until there are no further dangling references.

In one embodiment, a software boundary overlay should not comprise anysoftware elements from any other declared software boundary overlays.For example, software elements should not be included in two separatesoftware boundaries. Such a rule prevents software boundaries fromencroaching on each other and keeps them inherently distinct. The endresult is that a software boundary declares the manifest of a softwareapplication that the dependency map supports. The dependency map itselfunderstands explicitly all of the dependencies within the softwarepackage and all of the detailed inter dependencies between softwarepackages. But this level of detail does not need to be known by a systemadministrator.

Aspects of the present invention are also able to address anotherconcern with conventional software applications; namely, accounting forpatches and minor revision releases in the installation process. It isknown in the art that software applications change over time. Due to therelease of bug fixes or patches, a software application's version isconstantly in flux. As patches are released, dependencies betweensoftware elements may change. Under such circumstances, a softwaredependency between element A and B may exist in the initial release of asoftware application. However, once a patch is applied, the dependencybetween A and B may no longer exist. The software dependency map isconfigured to track software dependency changes over time, in oneparticular implementation. For example, assume element B providescertain functionality in version 1 of an application, with an element Adepending upon B. When version 1.1 is released, the functionality of Bis replaced with new software element C. At this point, the dependencybetween A and B is removed and a new dependency between A and C iscreated.

A common request from a customer is that they wish to install the most“stable” version of a software application. This request can be versionrelated, as the current version of an application may not be the moststable version. In one embodiment, in order to install the most stableversion of a software application, the root software application isinstalled first, followed by a potential list of updates, service packs,patches and point releases to get the software to the configurationrequested by the customer. The root software elements of a softwareapplication do not depend on any other software elements, only othersoftware elements depend on them. These root elements tend to remainconstant, no matter which version or configuration of the application isinstalled In order to map any minor versions of a software application,the dependency map includes each minor version, patch or bug fix of themajor software application. Hence, after the root elements areinstalled, each software element in each minor version would be mapped,with dependencies, to each root software element in the major versions.

Once all the dependencies of each version of a software application aremapped, the need for mapping dependencies over time becomes important.In one embodiment, when a dependency is added into the dependency map,two timestamps are recorded as attributes to the dependency. Thus, asoftware element may have time stamp attributes. First, the timestampassociated with the file represented by the software element isrecorded. Whenever an individual software file is created, a timestampis added to the file. Therefore, a software developer will know when thefile was actually created during development. Second, the softwareelement includes a timestamp of when it was added into the dependencymap. The timestamp information is stored in the dependency map using atimeline data construct. A timeline data construct describes a set ofsoftware elements that are all related when they were inserted into thedependency map. This is how the service provider knows that a group ofsoftware elements are from the same version and hence part of the samesoftware boundary overlay. As each new software element and dependencyare added to the dependency map, the timeline construct is also added.As a result of these timelines, when a customer wishes to install aspecific version of a software application, these timelines are used tocalculate the optimal installation by correlating the timestamp on theroot install software with each of its assumed dependencies. In oneembodiment, the timelines are assembled as fragments and as the routeanalyzer of the dependency map analyzes the map, it assembles theoverall timeline of software that needs to be installed. The above isapplicable if there are more than one version of a software applicationand each version has the same dependency resolution.

IV. Software Dependency Routes

The previous section discussed a first type of dependency map overlayreferred to herein as a “software boundary overlay.” This sectiondescribes a second type of dependency map overlay referred to herein as“a dependency route overlay.” The dependency map is a vehicle foridentifying and facilitating various possible software installations.Software elements and their dependencies from mapped softwareapplications are set forth in the dependency map. A dependency route isone of many paths or ways of connecting a group of software elementsbased on specific installation needs. From another perspective, adependency route is a list of software elements and the dependenciesassociated with the elements that get a customer from their currentplace in the dependency map (starting collection of software elements)to where they want to be (ending collection of software elementsconforming to an installation goal). For example, installing Apache 5.5on Solaris 9 would create a dependency route through the map connectingeach software element needed to install Apache 5.5 on Solaris 9. Thestarting point might be all the software elements for Apache 5.0 onSolaris 9 (obtained from target computer) and the ending point is thecollection of software elements for Apache 5.5 on Solaris 9. There maybe software elements added, removed and consolidated along the path.Installing the most stable version of Apache on Solaris 9 would take aslightly different route through the map as it may involve Apache 5.5 orsome other version. As such, the collection of software elements thatcomprise each installation may be different.

As with software boundary overlays, dependency routes are subsets ofinformation contained within the dependency map. To restate, thedependency map is a collection of software elements and theirdependencies that are placed in the map by the apparatuses and methodsdescribed in FIGS. 7-10 and elsewhere. Dependency routes are formed froma subset of all possible software elements to advance an installationgoal. Moreover, dependency routes reflect customer installation choices,analysis of the installation success, and feedback to the map concerningthe same. The installation feedback is captured in a confidence factortied to a given dependency route.

Dependency routes do not exist automatically from the creation of thedependency map. Dependency routes are first defined when a specificinstallation is undertaken by a dependency route calculator. The routesare refined over time based on success and failure feedback based on theactual install. FIG. 13 is a block diagram illustrating an embodiment ofthe components involved in generating a dependency route. In the serviceprovider arrangement set out in FIG. 13, there is both a customerenvironment and a service provider environment. In Section III above,the concept of a software installer or software management agentoperating on the client environment was discussed. The software agent1350 is a client-based service that manages communication with theservice provider hosting the dependency map 1310.

In concurrence with FIG. 13, FIG. 14 is a flow diagram illustrating theoperations performed by the service provider to calculate a dependencyroute overlay for a client system or systems. First, the client relayssoftware installation requests to the software agent 1350 (operation1400). In an example, it may be the goal to install, on a client system,the fastest version of Apache 5.5 that runs on Solaris 9. Upon receivingthe request, the software agent 1350 obtains the current softwaremanifest for the client computing system (operation 1400). In otherwords, the software agent obtains a complete collection of all softwareapplications and their configurations and provides the manifest to theservice provider system. In one particular implementation, a softwaremanifest monitor 1355, which is coupled to the software agent 1350,performs this function. The software manifest monitor 1355 monitors,whether periodically, intermittently or otherwise, changes to theclient's software manifest. As changes are made to client's system thesoftware manifest monitor 1355 records them. Hence, when a request forthe client's software manifest is made by the software agent 1350, thesoftware manifest monitor 1355 compiles the manifest and transmits it tothe service provider, via the software agent 1350.

Once the software manifest and installation requested is received by theservice provider (operation 1400), the route manager 1305 analyzes theclient's software manifest and creates a dependency route overlay on thedependency map (operation 1410). A dependency route overlay 1320 is astructural overlay placed on the dependency map 1310, including eachsoftware element in the client's manifest. Hence, the installationoverlay is initially a snapshot of the elements of each softwareapplication installed on the client's computing system. In order tocarry out this service, the route manager 1305 begins with the firstsoftware element in the manifest and searches the dependency map 1310for the same element. Once found, the element is flagged as the start ofthe dependency route overlay 1320. The route manager 1305 continues thisprocess through each software element in the manifest until they are allflagged in the dependency map 1310 and placed into the dependency routeoverlay. Next, the route manager 1305 assesses the declared dependenciesbetween each of the software elements in the manifest and recreatesthese dependencies in the dependency route overlay. Just as dependenciesbetween elements are used to define a software boundary overlay 1315,dependencies between software elements in a dependency route overlay1320 are also used to define the relationship of each element thatcomprises the manifest of the client's computing system. Lastly, theroute manager 1305 defines a relationship (draws a line) between eachsoftware element in the client's manifest. The line will only connectbetween two elements by way of the dependency that connects them. Hence,the line will not connect between two software elements if there wasn'ta dependency that already connected them.

Once the route manager 1305 completes the dependency route overlay overthe dependency map 1310, a start point calculator 1325 determines thestart point of the client's dependency route overlay (operation 1420).The start point is the current state of the client's software manifestbefore any additional changes are made to it. At this point, the currentstate (i.e., start point) of the client's environment is recorded in apersistent store 1330 (e.g., data warehouse) and time stamped for futurereference (operation 1430). For example, the timestamp can be later usedto intelligently back out of a future install, which is furtherdescribed in Section VI. Next, an end point calculator 1335 is used tocalculate an end point based on the client's install request (operation1440). In one example, the state of the client system start point isknown to run Apache 4.0 on Solaris 9.0. Whereas, the end point of theclient's system would be the fastest version of Apache 5.5 running onSolaris 9.0. Therefore, the difference between the start point and theend point is a compilation of the software elements that must be addedand removed to transform the client system from its current state ofsoftware elements (i.e., start point) to its new collection of softwareelements (i.e., end point.) The software elements used to get the clientsystem from the start point to the end point is known as a routecalculation overlay, which will be described below.

In one particular embodiment, each time the client wishes to add orremove software from their system, the start point is recalculated basedon the current software manifest and not assumed from a previouslystored start point located in the persistent store 1330. This is due tothe possibility of software drift. Software drift occurs when thecurrent state of a computer's manifest changes due to the manual removalof certain services or files on the computer. This usually occurs when asystem administrator wishes to remove certain portions of code from anapplication or OS. For example, the client system may contain ksh, csh,tsh as part of its Unix OS scripting inventory. In order to reduce thechance that someone will use ksh, a system administrator may remove kshfrom the OS. This change would not be known by the previous start point.Hence, the route manager 1305 and start point calculator 1325 conducts anew analysis of the client manifest and creates a new dependency routeoverlay 1320 and start point each time the client wishes to make achange to their system.

Once the start point and end point have been determined by therespective calculators, the overlays are passed to a route calculator1340 that plots a complete route between the start and end point(operation 1450). In one embodiment, there are numerous routes thatexist between the start point and end point. This is why confidencefactors and weighting of dependencies are valuable. One function of theroute calculator 1340 is to compute the total dependency confidencevalue across a route and declare its confidence factor. For example,there may be 23 possible routes between the start point and end point.Beginning with the first route, the route calculator will summarize thedependency confidence factors across each dependency in the route. Theroute calculator 1340 uses calculations to arrive at a summarizedconfidence factor of the entire route. In one embodiment, the dependencyroute confidence factor is determined by summarizing the confidencefactor between each dependency and dividing it by the total number ofdependencies.

A list of routes may then be presented to the client with the routehaving the highest level of calculated confidence being presented first(operation 1460). Lastly, the system administrator selects the routethey wish to use. In another embodiment, the client system may beautomatically configured to trust the route with the highest level ofconfidence and install the solution automatically.

FIG. 15 is a block diagram illustrating an example of a dependency routeoverlay. FIG. 15 shows a plurality of software elements 1530 thatcomprise an example of a dependency map 1500. The bounds of thedependency map 1500 are shown by the line encompassing the softwareelements 1530. Each software element 1530 has at least one dependencyupon another software element. The dependencies 1520 are shown asstraight lines that connect two software elements 1530. A dependencyroute overlay 1510 is also shown. In one example, the dependency routeoverlay 1510 is a path drawn around a plurality of software elements1530 needed to bring a client computing system from its current state tothe state it would be in after the requested installation. This exampleillustrates a single dependency route overlay 1510. However, adependency map 1500 would likely comprise a plurality of dependencyroute overlays 1510, each representing different dependency routes forinstalling a software application.

In a particular implementation, automated installation policies may beput into place on a client computing system. Such policies give systemadministrators complete control over all installation options. On theother hand, installation policies can learn, over time, anadministrator's preferences and desired level of manual interaction. Onepurpose of such installation policy is to allow for as much automation,regarding installation decisions, as possible.

Policy may be defined within each software application's dependencyroute and/or within each client system's software agent. In one example,each dependency route includes a statically defined policy. The policymay state that upon completion of the installation, perform an automaticreboot of the system. The policy definition may also comprise policyinformation about user preferences. For example, the policy may ask theuser's permission to reboot, or proceed automatically. Over time, thedefault policy definitions attached to each dependency route may change.As dependency routes are installed, the software agent from each clientreturns success or failure information regarding the individual installof the software application. The dependency map may consider thesestatistics when determine policy definitions. For example, a policydefinition may state that user permission is requested for eachinstallation step. Over time, the installation success rate of thisroute may increase dramatically. As a result, the default policydefinition of this route may change to “proceed automatically” insteadof requesting user permission to continue. Such a change is the resultof increased confidence in the installation success of the dependencyroute.

By implementing such an approach, the amount of manual involvement bysystem administrator may decrease. If a dependency route has a highconfidence factor, due to the number of previously successful installs,the route may be configured with a policy to automatically implement theroute which does not involve the administrator. On the other hand, if adependency route has unsuccessful installations, a default policy thatinvolves the administrator would decrease the likelihood that theinstall may fail. In one embodiment, a threshold confidence factor alongwith the number of installation attempts may be used to determine thelevel of automation within a route's installation policy. For example, adependency route that has been installed 800 times with a confidencefactor of 87% may have an installation policy with increased automation.Whereas, a dependency route that was installed 4 times with a confidencefactor of 50% may have an installation policy with reduced automation.

The second place that user policy is defined is in the software agent ofeach client system. In one embodiment, the default policy stored in thesoftware agent may override the default policy tied to a specificdependency route. In other embodiments, a combination of the dependencyroute policy and the software agent policy may be combined to arrive ata hybrid policy definition. For example, if a new dependency routewithout previous installation history is chosen, then the default policyof the dependency route may be combined with the default policy of thesoftware agent. If the software agent's policy allows for automatedinstallation in all cases, then the new route will be installedregardless of its confidence factor. In another example, a softwareagent's default policy may request administrative interaction regardlessof the confidence factor of the chosen dependency route. Even if thechosen dependency route has 1500 installs with a confidence factor of98%, the administrator would still be requested to interact during theinstallation.

When a client requests a software application to be installed on asystem, optimization of the system prior to installation is anotherconsideration. A client may request that Apache 5.5 be installed in oneof many ways. Although the software boundary overlay of Apache 5.5 doesnot change, the dependency route plotted through this overlay may changedepending of the installation choice made by the customer. For example,the system administrator may wish to install Apache 5.5 with aconfiguration including: 1) the least number of software elementsrequired; 2) the least disk space needed; 3) the least errors reported;or 4) the latest security updates. Each one of the options orcombination of options may result in a slightly different dependencyroute. In order to analyze and plot a dependency route, the routemanager will also consider the current state of the client's system. Asstated above, the client's software agent will upload the client'scurrent software manifest to the route manager for analysis.

In one embodiment, it is possible that the current state of the client'scomputing system will require some changes in order to install the newapplication based on the preferences chosen by the system administrator.For example, the client's computing system may contain no software otherthan a fresh installation of the Solaris 9.0 OS. If the administratorwishes to install the most stable version of Apache web server, a numberof changes or optimizations to the current client system may berequired. For example, in order to install the most stable version ofApache, Solaris may need to be upgraded from version 9.0 to version 9.1(release B). Such a change may be unacceptable to the administrator, asthey may plan on installing an additional application that requiresSolaris 9.0.

When a dependency route is being calculated by the route manager, asdiscussed in regards to FIG. 14, any required changes to the existingclient's software configuration or versions will be provided to thesystem administrator. Assuming the changes are acceptable to theadministrator, the software agent will apply these changes to theclient's system before installation of the new software applicationbegins. If the changes are not accepted, a different installation and/orpreferences must be redefined such as installing the most stable versionof Apache that works on Solaris 9.0.

In order to provide an accurate installation dependency route to aclient, it may be necessary to provide multiple iterations of the routeto the client. The reason for multiple iterations is due to thepotential of the first route being incomplete or inaccurate. Hence,additional routes may be needed, with each iteration improving on theerrors discovered in the previous route.

FIG. 16 is a flow diagram illustrating one method involved in presentingan accurate dependency route to a client computing system. As previouslydescribed, when the route manager receives an initial softwareinstallation request from a client device, the relevant portion of theclient software manifest is also submitted to the route manager(operation 1600). In a particular implementation, less than the entiresoftware manifest is sufficient for the route manager and othercomponents to generate a dependency route. The software agent running onthe client determines which portions of the software manifest arerelevant to the installation request and only transmits those portions.Logic is built into the software agent that permits the agent to analyzethe software manifest and the installation request and resolve whichportions of the manifest are likely needed by the service provider increating the dependency route based on the installation request. If theportion of the manifest sent is insufficient, additional portion may betransmitted as needed. Providing only a portion of the manifest reducesthe amount of information being communicated to and analyzed by theroute manager.

The route manager may next calculate a complete dependency.Alternatively, the route manager may calculate a rapid dependency routethrough the dependency map based on the software elements needed tocomplete the installation (operation 1610). A rapid dependency routedescribes the first route that is calculated based on a first passthrough the dependency map. This route may not be relevant to anyprevious routes or may not take advantage of confidence factors, etc.;thus it may not be the most optimal route. However, the rapid dependencyroute is the easiest to calculate since it is based on absolutedependencies. In other words, the calculated route only includesdependencies between elements that will always exists, such that aconfidence factor is ineffectual, as the dependencies are not optional.

In one embodiment, the dependency route is packaged as an XML file andtransmitted to the software agent on the client (operation 1620). Thisinitially transmitted dependency route is created in response to theclient request, and provides the client with an immediate response totheir installation request based on the portion of the software manifesttransmitted by the software agent. In this first “rapid” iteration ofthe dependency route, the route manager is more concerned with providingan immediate response to the client than providing a completely accuratedependency route which takes more time. Such an approach providesreal-time feedback to the system administrator, with accuracy refinementcoming after the system administrator chooses a route. As mentionedabove, it is possible to set forth an implementation that does notemploy “rapid” dependency route calculation, but rather transmits a morecomplete route.

Once the system administrator approves the dependency route, thesoftware agent on the client begins processing the dependency route(operation 1630). If there are no errors or problems with the dependencyroute, then the installation will complete successfully (operation1650). However, it is possible that the partially provided softwaremanifest is incomplete or not granular enough for complete determinationof the dependency route. In such an instance, the route provided by theroute manager may become invalid as the installation progresses. Thesoftware agent handles this issue by using a soft reference styleconnection to an element that does not exist in the current dependencyroute, but is known to exist. The software agent transparently initiatesa web services request back to the service provider and requests areroute through the dependency map (operation 1640) based on thedeclared soft reference. The route manager provides the rerouteinformation back to the software agent on the client (operation 1660),allowing the agent to continue installation. In one embodiment, thesoftware agent comprises both a main logic layer and a business logiclayer. The main logic layer is responsible for communication with theservice provider, as well as receiving dependency route information. Thebusiness logic layer is unaware of the processing of the main logiclayer. The reroute request is handled by the software agent's main logiclayer. Therefore, the business logic layer is unaware of the networkreroute. In other words, the business logic layer receives continuousinstructions from the main logic layer to proceed with the installation.If a change in the instructions, due to a network reroute, occurs at themain logic layer, the business logic layer is unaware of these changesand continues to receive instructions as if nothing has changed. Hence,the business layer of the software agent continues with the installationbased on the reroute (operation 1670) without knowledge of underlyingchanges that may occur. The installation continues until completion(operation 1650).

In order to perform a reroute, a number of parameters are considered bythe route manager. In a first parameter, the route manager determineswhether specific software modules are included as new in theinstallation request. This is often the case as these modules may not beexplicitly called out in the manifest. For example, a requested patch(Patch A) introduces a new library that has a side effect. Further,patch A is introduced to fix a security hole in an OS. Patch A may alsoinclude a new version of libSocket. Additional applications may uselibSocket and depend upon it based on its current version. The newversion of libSocket may have new changes in the functional profile oflibSocket, such that the applications that relied on the previousversion may stop operating correctly. In order to address such an issue,the route manager will create a reroute to include all of the updatedapplications based on the new version of libSocket.

A second parameter that may be considered by the route manager whenperforming a reroute is a historical request. As previously stated, thedependency map maintains historically successful installation routes. Ifa client requests an installation that matches one of these historicalroutes, the reroute will include this additional information which mayreduce the information included in the re-request. This acts as apredictive model for the routing system by utilizing historicallysuccessful route information when possible.

The third and last parameter that may be considered by the route managerduring rerouting is a declared dependency in the software installed onthe client system that is not included in the dependency map. This willusually occur for custom software packages that are already installed onthe client system yet are unknown to the dependency map.

In order for a software agent to install a software application based ona given dependency route, the portion (i.e., actual files) of thedependency map that encompasses the route is needed by the softwareagent. It is possible to host some or all of the files of the dependencymap on each client system. However, the size of the map could be solarge that local storage would be impractical. Accordingly, in oneimplementation, the service provider is configured to stream orotherwise transmit the relevant portions of the dependency map to theclient system.

Further problems may arise due to potentially unrecognized dependencieson the client system that are not included in the software manifest. Inresult, the initial portion of the dependency map streamed to the clientmay be incomplete or inaccurate based on unrecognized dependencies inthe software manifest that was communicated to the service provider. Aspreviously stated, an unrecognized dependency can occur if a systemadministrator manually removes files from the system. For example, thesoftware agent may not be aware of such manual changes, hence thesoftware manifest is not properly updated with such changes. Thisresults in a differences between the client manifest and the actualfiles on the client system. As such, it is possible that the actualdependency route may need to change once the installation begins.Therefore, in one particular implementation, the relevant portions ofthe dependency map are divided into multiple pieces and transmitted inphases.

In an example, once the client submits the initial install request, thatrequest is sent back to the service provider where the request isanalyzed. The initial portion of the dependency map, which may involveroot software elements relevant to the request, is returned andprocessed for install by the software agent. This is the first phase ofthe installation, which involves installation of the root softwareapplication. Next, the total route length is calculated. The routelength is defined as the number of individual software elements thatcomprise the dependency route. Based on the confidence factors of eachdependency in the route, the route is calculated at specific steps alongthe way such that the entire path may not always be known from thestart. In other words, as the dependencies between each element in theroute are calculated with a summarized confidence factor, the route maychange if the confidence factor drops below a threshold. As long as thesummarized confidence factor of the dependencies maintain above thethreshold, the route will continue without deviation.

In another embodiment, a route may be recalculated if the softwareelements already installed on the client require the route to bechanged. Such a situation arises when software is present on theclient's system, yet is not explicitly declared by the softwaremanifest. An example might be if a library that is versioned and has adependency present based on a symbolic link. If route calculation drivesthe software agent to an unresolved software dependency on the localdependency map, hosted by the client, a request will be sent to theservice provider causing calculation of an additional segment of thedependency map, which is subsequently streamed to the client. This routecalculation is based on the route path that has been recalculated by thesoftware agent on the client. The service provider follows the routepath and sends back the relevant part of the dependency map to theclient. The client then continues its installation until completion.This recalculation can occur many times and is highly related to thesize and complexity of the installation job that is requested by theclient.

Aspects of the present invention may further involve the inclusion ofconfidence factors with a dependency route provided to a client from theservice provider. As previously described, the service provider oftentransmits multiple dependency routes to the client. Each of the routesmay have a confidence factor. These confidence factors provide a systemadministrator with a weighted scale of which route will likely result ina successful installation. Confidence factors for each dependency routecan change based on a variety of factors. As installations are attemptedon client devices based on a given dependency route, the serviceprovider system collects the successes or failures of the installations.This collected data is provided to the service provider system asfeedback from the software agents based on each installation in oneparticular embodiment. As a specific dependency route results in moresuccessful installs, its confidence factor increases. In contrast, if adependency route results in failure, its confidence factor isdiminished. In the end, the best choice for the client will be providedby understanding successful installations that have previously occurredand using this information to provide the best solution.

Confidence factors explicitly apply to dependencies between individualsoftware elements. Whereas, a confidence factor of an installation routemay be implicitly represented based on the average of the confidencefactors for each dependency within the route. For example, if adependency route has three dependencies with confidence factors of 100%,65% and 75%, the average confidence factor of the dependency route is80%. The value of each confidence factor may change over time. As moreinstallations are performed and feedback received from software agents,the confidence factor of each dependency between two software elementsbecomes more valuable. For example, if feedback from a particularinstallation route is positive (e.g., successfully installed), theconfidence factor for each dependency in the route is increasedaccordingly. In result, the implicit confidence factor of theinstallation route is also increased, based on the average of theindividual confidence factors from the dependencies that represent theroute. As such, the more installations that have provided feedback on adependency route, the more valuable the confidence factor of eachdependency within the route becomes. In an example, dependency route Aconsists of 1000 dependencies with an average confidence factor for thedependencies of 100%, based on three installations. Dependency route Bconsists of 1000 dependencies with an average confidence factor for thedependencies of 78% based on 450 installations. The averaged confidencefactor of dependency route B may be more valuable that dependency routeA based on the frequent use of dependency route B.

In order to build a confidence factor for an individual dependency or anentire dependency route, the service provider may receive feedback fromsoftware agents during client installations. In one particulararrangement the software agent is configured to monitor the installationfor errors. During an installation, any errors detected by the softwareagent are sent to the service provider hosting the dependency map. Thesoftware agent may send the actual error string, the software elementthat caused the error and the current location within the route wherethe error occurred. To begin analysis of the errors, the serviceprovider will launch an analysis service to begin parsing the errorstring. The analysis service identifies references to any files that mayhave already been installed on the client system prior to theinstallation. This may point to problems with pre-installed files. Forexample, an existing application may have already experienced runtimeerrors. Hence, the previous state of the client system may alreadyexperience problems.

Further, the analysis service also identifies references to any knowninstallation problems such a disk space, file system errors or otheroperating environment problems. As such, the software agent, with theassistance of the analysis service, constantly monitors the clientsystem for failures, as well as other issues such as disk spaceutilization and speed of installed applications, which are reported backto and included as features of individual software elements and/orinstallation routes. Software elements and routes also have otherfeatures such as a version number of the related software file, securityupdate status, and the like. In one embodiment, the agent monitors filesystem utilization and the system error log. When the agent detects anyerrors, the error is correlated to specific files on the client system.The software agent can then communicate this error back to'the serviceprovider as an error of a dependency between two software elements.

Once an error in an individual dependency has been addressed by theanalysis service, the dependency is flagged with the error as well asthe reason, if known. This error and its reason are stored as attributesof the dependency. The confidence factor of the dependency is nowreduced due to the new error. In one embodiment, the confidence factoris calculated by taking the number of installations involving thedependency divided by the number of successful installations to generatea new confidence value.

As previously described, in one particular arrangement, in order for asoftware agent to install a software application on a client system, aportion of the dependency map is streamed to the software agent alongwith a manifest of each software element to be installed. In oneembodiment, the software agent may perform a pre-installationverification check to verify that the dependency route chosen willinstall without errors. However, such a check is not mandatory. Further,a threshold confidence factor may be implemented such that apre-installation verification is only triggered if the confidence factorfalls below the threshold. For example, the software agent may beconfigured to only perform the pre-installation verification if theconfidence factor of the chosen dependency route is below 65%.Therefore, a pre-installation verification would not occur on adependency route with a 98% confidence factor as its chance for successis very high. The threshold may nonetheless be set at any value desiredby a system administrator at either the computer-specific level orapplying enterprise-wide.

Even with a reasonably high confidence factor, it is still possible thatan installation based on a chosen dependency route may fail. FIG. 17 isa flow diagram illustrating a method for performing a pre-installationverification. A pre-installation verification may reduce the opportunityfor installation-time errors by illuminating such errors during thevalidation process. In order to perform a pre-installation verification,the software agent receives the relevant portion of the dependency mapneeded for installation, which includes a manifest that lists eachsoftware file needed for installation (operation 1700). Once thedependency map has been received, the software agent scans the manifestof the dependency route to verify that all the files and symbol-baseddependencies needed by the installation presently exist on the clientsystem (operation 1710). As described above, symbol-based dependenciesare dependencies declared within the symbol table of each executablefile. If a missing dependency or software file is discovered during theverification check, the software agent requests the missing file fromthe dependency map (operation 1720). The dependency map locates andtransmits the file back to the software agent (operation 1730). Once themissing file is received, the verification continues until each file anddependency has been determined to reside on the client system.

FIG. 18 is a block diagram illustrating another embodiment of thearchitectural components of a dependency route calculator thatadditionally stores information about successfully installed routes. Inorder to identify successfully installed routes in the dependency map, athird dependency map overlay is provided, known as a route calculationoverlay 1810. This type of overlay represents each dependency route usedto install or remove any software applications managed by the dependencymap. In order to track the success or failure of dependency routes, thesoftware agents 1350 provide results of the installation includingwhether the installation was successful and if not where theinstallation failed. In one embodiment a software installation monitor1830 is responsible for monitoring a software installation. If anyerrors or warnings are detected by the installation monitor 1830, theinformation is passed to the software agent, who in turn relays theerror to the service provider. As previously described, a communicationfeedback loop 1303 may exist between the software agent 1350 thatperforms the installation and the route manager 1305. Softwareinstallation or removal is monitored by the software agent 1350. If adependency route is successfully (or unsuccessfully) installed orremoved, the success (or lack thereof) is transmitted back to the routemanager 1305. If the dependency route already existed as a routecalculation overlay, than the confidence factor of that overlay isupdated with the success received from the software agent 1350. Anattribute of the route calculation overlay tracks the total number ofsuccessful and unsuccessful installations. This attribute is thenincremented based on the success of the installation.

Another attribute of the route calculation overlay stores a timestamp ofeach installation attempt. This attribute allows for queries to be madeas to how many successful or unsuccessful installs have occurred as wellas the date and time of each install. On the other hand, if the specificdependency route did not exist, the route manager 1305 creates anoverlay of the dependency route and provides an initial confidencefactor to the overlay and a first value in the timestamp attribute. Inone embodiment, the initial confidence factor is set to zero, as no datahas been provided.

When the dependency map 1310 is initially created, no route calculationoverlays exist. As installations occur, calculation route overlays arecreated. Over time, the number of overlays and their timestampattributes will increase. However, it is likely that after a certainperiod of time, the number of unique route overlays may stabilize afterthe initial increase, as there are a limited number of installationpaths available.

As stated above, the route manager 1305 considers the start point andend point of the client when building a dependency route for the client.The route manager 1305 searches the route calculation overlay 1810 forall possible routes along with their corresponding confidence factor. Inone embodiment, it is possible that a route overlay may not exist thatwould include each software element needed to get the client from theirstart point to their end point. In such a circumstance, some level ofdeviation between the start point and end point may be allowed such thatthe finalized dependency route is slightly modified based on thedifferential between the start point and end point. In such anembodiment, it may be preferable to provide a slightly deviated routeoverlay that has been successfully installed rather than a completelycustomized overlay that has never been installed. Once all thedependency routes are calculated by the route manager 1305 they arepassed to a route matcher 1825 which attempts to find exact matches inthe route overlay followed by a degrading analysis to find nearestmatches. In one embodiment a 10% deviation (i.e., the number ofdifferent software elements between the preferred route and the deviatedroute is 10% or less) is acceptable. For example, if the preferred routehas 1000 elements and the deviated route has 980 elements of which 910of the elements are the same, the deviated route would fall within 10%deviation.

The nearest matched routes are then analyzed around the start and endpoints to see how important the deviation is and if it can belegitimately corrected. Based on the possibility of a deviation, theconfidence factor for a given route may also change. In one embodiment,the route manager 1305 may calculate the overall confidence factor basedon the following equation: Route confidence=(0.1(1+Number of times routealready used)*base dependency confidence calculation ofroute)/dependency confidence of any deviation from route. The aboveequation may promote the continued reuse of a route that has beensuccessfully installed and reflects that the more use it has the lessthe risk the deviation becomes.

One consideration to be addressed by a service provider hosting adependency map is the physical storage requirements for hosting thedependency map and all its software applications. One approach tostoring this data is a software warehouse. Large amounts of disk spacemay be needed to store the dependency map data. For example, a singlesoftware application may require multiple gigabytes of storage space.Hence, a software warehouse storing hundred of applications and OS couldreach well into the multiple terabyte range of storage space. Over time,the number of software applications stored in a software warehouse maycontinue to grow. Not only may the number of different applicationsincrease but the number of versions of each application may increase aswell. It is possible that the size and cost of storing all this data maybecome prohibitive unless measures are taken to phase out certainapplications from the software warehouse based on differing criteria andto only store current software.

One approach for determining whether to phase out software or keep it ascurrent, is to base the decision on the support of the actual softwarevendor. If a given software vendor happened to provide support for onlythe current and previous two versions of their operating systems, thenthere would be little need for continued hosting unsupported operatingsystems. Each software vendor has their own rules on how far back theywill support their software versions. Hence, a vendor by vendor analysismay be used to determine when software versions can be phased out of thesoftware warehouse.

Another approach for determining which software should be flagged ascurrent and which may be phased out is based on usage patterns fromcustomers (discussed as aging below). As previously stated, each time asoftware element or route is used in an installation, a timestamp isrecorded of its use. These timestamps may be used in determining thefrequency by which the software elements are accessed. An advantage tohosting software applications at the software element level allows foradded flexibility to phase out portions of a software application, whileonly maintaining the current portions. For example, Apache 5.5 may have10,000 software elements that comprise the entire software boundaryoverlay. Of these 10,000 elements, actual dependency routes may onlyinclude 5000 of the software elements over a specified period of time.Therefore, it may be possible that the unused software elements are nolonger needed, and may thus be phased out (removal from warehouse orotherwise as discussed below).

FIG. 19 is a flow diagram illustrating operations involved indetermining which software elements to phase out (also referred to as“aging”). An aging process controlled by the dependency map periodicallyanalyzes the map and the recent time stamps associated with eachsoftware element (operation 1900). The aging process analyzes eachsoftware element and determines the amount of recent use and assigns theelement a use factor (operation 1910). The use factor is determined bythe number of times the software element was accessed over apre-determined time period.

Next, the aging process analyzes the number of dependencies connected tothe software element and the confidence factor of each dependency. Sincedependencies have a confidence factor tied to them, the confidencefactor of each dependency is summed and an average is drawn across allthe dependencies for the element (operation 1920). A pre-determinedthreshold value exists to determine whether to age the software element(operation 1930). In one arrangement, if either the use factor or totaldependency confidence factor fall below the threshold, the softwareelement is aged (operation 1940). In an example, the threshold value is42%. Software element A has been assigned a use factor of 47% based onit use over the past 30 days. Element A also has three dependencies,each having a confidence factor of 20%, 90% and 10%, respectively. Theaverage confidence factor of element A's dependencies is 40%. Hence, theuse factor of 47% is above the predetermined threshold of 42%. However,the confidence factor of 40% falls below the threshold value, resultingin the software element being aged. In another embodiment, a softwareelement is not aged unless both the use factor and the total dependencyconfidence factor fall below the threshold value. The method describedabove is merely an example of how software elements may be aged. Assuch, additional methods may be used to determine which softwareelements may be aged.

Once a software element reaches a certain age, it may be removed fromthe dependency map, or otherwise identified as “aged”. In a first levelof aging, a file represented by a software element may be moved from theprimary hard disks that comprise storage for the software warehouse to aslower retrieval mechanism such as tape drives or slower disk drives(e.g., slower seek times, RPMs, cache, etc.) In this level, access tothese elements are still possible, but with reduced retrievalperformance. In a second level of aging, software elements that have notbeen referenced through dependency routes are aged into an offlinestorage. The elements are no longer maintained in the dependency map,however, a link to the elements still exist. After 90 days, thereference from the dependency map to the element is removed. In anotherapproach, the file represented by the software element is also removedfrom the software warehouse. However, a log is maintained of previouslyremoved elements for future retrieval if needed.

The purpose of aging software elements and removing them from thesoftware warehouse is to reduce the exponential size of the warehouse.As software applications are added to the dependency map and thewarehouse, the warehouse increases in size. As a relational databasegrows in size, its performance diminishes. The “aging” process permitsthe dependency map to continue to add software applications anddependency routes, while maintaining acceptable performance in theunderlying warehouse that hosts the software applications.

Another consideration for a service provider hosting a dependency map isthe division of software applications that occurs across multiplevendors. It may be the case that a single service provider will not hosta dependency map and software warehouse for all software applicationsacross different vendors. Accordingly, in one implementation, dependencymaps from different vendors are linked together. In one example, eachsoftware vendor, or other party hosting a dependency map may have linksto other dependency maps, allowing a customer to access dependencyroutes across multiple vendors.

In one arrangement, the linking of vendor specific or other separatedependency maps provide a virtual dependency map. The virtual dependencymap is accessible by the software agent on each client. The virtualdependency map is an accumulation of many separate vendor maps. Eachvendor dependency map knows the location of every other vendordependency map by way of one or more soft references to the other vendordependency maps. These references are in effect dangling references, asdiscussed above, that will be fulfilled when connected by dependenciesfrom other dependency maps based on a request made from a customer toinstall applications that span two vendors. Hence, a plurality ofindividual vendor-hosted dependency maps can be connected to each otherwhen needed.

In an example, a customer may wish to install Apache 5.5 on Solaris 9.0.In this example, two different vendors supply the software applicationsand host the dependency maps, thus two different dependency maps areaccessed. The software agent on the customer's client system may queryone dependency map for the optimal dependency route for installingSolaris 9.0. Next, the software agent on the client system identifies asoft reference to the Apache dependency map. The software agent uses alookup request to obtain the uniform resource indicator (hereinafter“URI”) of the Apache dependency map that fulfills the soft reference.The two separate maps are thus functionally combined to create a“virtual” map for the purpose of providing a dependency route installingApache 5.5 on Solaris 9.0 of a target computer.

In another embodiment, the use of soft references to connect multipledependency maps can be used in an opposite approach by dividing a singlelarge dependency map from an organization into smaller and moremanageable maps. Each dependency map would have a soft referenceallowing it to be connected to the other dependency maps within theorganization. In one embodiment, each map could be divided acrossproduct lines, vendors, or other division criteria.

V. Enriching the Dependency Map by Monitoring Software Installations andPerformance

As described in Section IV, dependency routes include attributes thatstore additional information about a dependency route. Such informationincludes the number of successful and unsuccessful installations basedon the route as well as timestamps for each installation attempt.Tracking installation-time success and failure is not the extent of theinformation that may be associated with each route. In addition,tracking run-time failures as well as performance data is also possible,besides other information. In order to track this type of information,additional modules may be coupled to the software management agent asshown in FIG. 20. FIG. 20 is a block diagram illustrating anotherembodiment of the architectural components of a software managementagent that tracks and analyzes information about run-time failures andperformance statistics of successfully installed routes. In thisembodiment, the software agent 1350 further includes one or moresoftware error detection modules 2010 and software performance analysismodules 2020.

In one embodiment, run-time errors and execution analysis is performedby the software error detection module 2010 which may include twosub-modules; an event detector and a log file watcher. The eventdetector is configured to detect problematic events in the software thatis being installed by the software agent. The event detector may beconfigured to perform simple network management protocol (“SNMP”)sniffing, core or memory image dumps, java stack detection, etc. Bycontrast, a log file watcher tracks pre-determined log files looking forconventional textual entries associated with system error logs orapplication specific error logs.

The software error detection module 2010 is further configured toreceive input from the system administrator regarding the type of errorsto monitor and how to determine if such errors should be flagged. Hence,each error detection module includes a definition construct, defined bythe system administrator, describing the module's responsibilities. Inthe case of an event detector, the definition construct describes whichtype of events to monitor and whether a given event type should bedefined as an error. In the case of file log watcher, the definitionconstruct describes which type of log files to monitor and which type oflog events should be flagged as an error.

In one particular arrangement, there are individual software errordetection modules 2010 for each application on the client's system. Thesoftware agent 1350 then uses these modules to watch for errors that areassociated with individual software applications. As errors are detectedby the individual software error detection modules 2010, the softwareagent 1350 periodically sends these errors and the client softwaremanifest back to the route manager 1305. The route manager is furthertasked with applying these errors to the dependency route or routesassociated with the error in question. The error is then computed intothe existing confidence factor, thereby reducing the factor to somedegree.

The tracking and analysis of performance data is similar to trackingerrors such that software performance analysis modules 2020 are deployedto monitor the performance of each software application installed on theclient's system. In one embodiment, there may be only one softwareperformance analysis module 2020 configured to monitor all the softwareapplications. In another embodiment, there may individual analysismodules 2020 for each software application. The module is configured todefine what type of performance variables to monitor and for whichsoftware applications. Such performance variables may include, but arenot limited to, the timeframe required to execute certain functions, thenumber of processor clock cycles for performing a function, etc. Onceperformance information is gathered by the analysis module 2020, theinformation may be submitted to the route manager 1305 along with thedependency route used to install each software application. In oneembodiment, a performance rating may be applied as an additionalattribute to dependency routes. Once additional performance informationis submitted to the route manager, the performance information may beaveraged into the existing performance rating.

Further, the performance rating of this route may be compared to theperformance ratings of additional routes. This permits the route managerto order other dependency routes, with the same software configuration,based on performance.

VI. Software Installation Simulation and Intelligent SoftwareDe-Installation

Another feature of using a dependency map to create a softwaredependency route is the possibility of simulating a softwareinstallation. By understanding the precise state of a start point, theexact installation effects of a request can be simulated using avirtually provisioned operating system. Such a simulation can allowsystem administrators to see the effect of the installation withcomplete accuracy, yet without having to physically install thesoftware. There are many benefits to simulating a software installation.For example, a requested installation of a software application maygenerate a dependency route with a low confidence factor. Accordingly,the administrator may wish to test whether the install is likely to workin their environment without having to install the software beforehand.In another example, a returned dependency route may have little or noconfidence factor weighting tied to the route. This would be the resultof very few, if any, installations having been attempted with the route.Running a simulation allows an administrator to verify whether theinstallation will be successful.

FIG. 21 is a flow diagram illustrating the operations for performing asoftware installation simulation. When an administrator requests asimulation of a software application, they would proceed by defining therequest through the software agent on the client system (operation2100). The simulation request would be similar to a traditionalinstallation request in that the system administrator would define theapplication to be installed and any special configuration options theyrequire. For example, they may wish to simulate the affects ofinstalling the latest version Apache 5.5 on Solaris 9. Once the requestis relayed to the software agent, the request, its configurationparameters and the current manifest of the client are transmitted to theroute calculator (operation 2110). The route calculator uses thedependency map to back trace the software elements needed to install thesoftware based on the manifest (i.e., start point) of the currentsoftware inventory on the client system (operation 2120). As with actualinstallations, the service provider will often return multipledependency routes that meet the criteria of the simulation request. Eachroute may also comprise confidence factors, allowing the administratorto decide which route to simulate (operation 2130).

In order to simulate an installation of a software package a mirrorimage of the client's system is needed. This includes a virtuallyprovisioned OS as well the other software applications and serviceswhich resides on the client. By having a copy of the client's manifest,the route calculator can create a virtual dependency map of the clientOS and the other applications and services that exist on the client(operation 2140). Next, a dependency route is created for the OSresiding on the client system (operation 2150). This route includesevery software element and dependency needed to rebuild the OS exactlyas it exists on the client system. Next, a separate dependency route iscreated for each software application and service that exists on theclient system (operation 2160). Lastly, the simulated dependency routeselected by the administrator is provisioned. In one embodiment, aplurality of dependency routes exist (e.g., one route for the OS and oneroute for each software application on the client) that may be joinedtogether into one large route (operation 2170). It is possible thatjoining two dependency routes together is straightforward if all thedependencies between the two routes are already realized. However, it ispossible that an interim dependency route may need to be created toconnect unrealized dependencies between the individual routes.

Once all the dependency routes have been joined, the complete route isvalidated by verifying the dependencies of the elements in the route andresolving any dependencies that are incomplete (operation 2180). In oneembodiment, this validation is a step-by-step model that creates a stackof all the software elements created and their dependencies. The stackis responsible for storing the validation results. Upon completion ofthe validation, verification is made that there are no danglingreferences (operation 2190). However, if any dangling reference arereported from the validation process, the dangling reference is returnedto the system administrator and the validation process halts. Since adangling reference is typically not permissible in the installation of asoftware application, the simulation shows that the simulated dependencyroute would not be installed successfully.

One type of issue that a simulation may be unable to recognize or fix isthe possibility that some piece of software needed for an installationis unavailable. In other words, it is possible that the softwaremanifest of a client system includes a dependency that is unforeseen orunrecognized by the service provider. Hence, this embodiment focuses onthe need for on-the-fly resolutions of problems in the installationphase that may not be recognized during simulation or analysis ofdependencies. As previously stated, each client system contains asoftware manifest that lists every software element on the clientsystem. When a client requests software to be installed, the clientmanifest is uploaded to the route calculator by the software agent.Access to the manifest permits the route calculator to determine thestart point of the client's system. If the client manifest is incorrectfor some reason, then the dependency route created by the routecalculator may cause installation-time errors.

Normally the items contained in the client manifest are updated assoftware applications or services are installed or deleted. For example,if a software service is deleted from the client, each file that hasbeen removed is reflected in the manifest. Under most circumstances themanifest accurately reflects the current state of the client system.However, a client manifest may have inaccuracies for a number ofreasons. One common situation that may cause inaccuracies occurs whenmanual changes are made to the client system by a system administrator.For example, a system administrator may have Solaris 9 installed on theclient. By default, CoreLoginServices, a module of Solaris, isinstalled. CoreLoginServices includes a number of individual loginshells for accessing a UNIX server. One of the login shells, sshd, is asecure login shell. It is possible for a system administrator tomanually delete this shell and its associated files to prevent othersfrom accessing the server from this method. However, a manual deletionof this shell would not show up in the client's manifest because themanifest is only updated based on changes that occur through the controlof the software agent. Therefore, if an administrator wishes to simulatean installation of Apache 5.5 on the client, the uploaded manifeststates that sshd exists on the client. In this case, Apache 5.5 may havea dependency on sshd. During a simulation, this discrepancy may not befound since the simulation uses the client manifest to determine thesoftware state of the client. Since the manifest does not show sshd asmissing, the simulation will not find this potential problem. However,during an actual installation the absence of sshd will likely causeinstallation-time errors.

One method for alleviating this situation is to add an additionalinstallation validation thread to the software agent running on theclient. This thread is concurrently active during installationsoccurring on the client. During an installation, this validation threadacts as a background process to the software agent running low levelvalidation checks of each dependency in the installation. Based on theabove example, the validation thread validates the integrity of each OScommand (e.g., sshd) by analyzing any potential log files created fromthe command being executed. In other words, this thread is tasked withisolating any dependency discrepancies that may occur during theinstallation that have not been detected during the initial routecreation or installation simulation.

FIG. 22 is a flow diagram illustrating the operations for validating aninstallation using a installation validation thread as described above.The validation thread works by analyzing each new software file that isbeing installed during a software installation. After a software file isinstalled, the thread identifies each dependency that exists in thedependency route for the software element associated with the file(operation 2200). If each dependency is accounted for (i.e., eachsoftware file that depends upon the installed element are found to existon the client system), the associated element is found to be completeand date stamped as an attribute to the element (operation 2210). On theother hand, if a file is found to have a missing dependency (e.g., sshd)the validation thread requests a pause on the installation (operation2220). The installed file is then forcibly de-installed (operation 2230)and a network request is sent to the installation map to identify themissing software element (file) (operation 2240). The dependency mapreceives the request, locates the missing element through a uniformresource locator (“URL”) reference or otherwise, and returns the missingelement to the client (operation 2250). The software agent thenreinstalls the software element as well as the missing software elementfrom the dependency (operation 2260). Once the validation threadre-validates the software element and all its dependencies as beingaccounted for, the element is time stamped for completeness and the maininstallation is unpaused and continues (operation 2270). This processcontinues through the entire installation until each individual softwareelement and its dependencies are validated and time stamped.

In one embodiment, user policy of a client system can be configured tospecify the level of validation to be performed by the validationthread. In a minimal involvement, the system administrator can specifythat the validation thread simply verify the existence of the filesdeclared in the manifest. Such an approach would be faster in itsexecution, but less thorough. For example, this approach would notvalidate the dependencies that exist between each software element, onlythat the software elements exist. In an intermediate involvement, theadministrator can specify that the validation thread validate actualfile permissions for all files declared in the manifest. In higher levelof involvement, the validation thread can be specified to performanalysis on the symbol tables for each executable in the dependencyroute. As previously stated, the symbol table for each executable filecontains all the dependencies related to the executable file. Forexample, the symbol table of the executable file called “ls” may showthat “ls” imports “PrtOut” which is a routine that allows the printingof text on an output display. PrtOut actually exists as a routine withina C library called libC. Therefore, analysis of the symbol table for“ls” would show that “ls” depends upon libC to operate successfully.

One of the benefits of simulating a software installation is todetermine whether an installation would be successful without goingthrough the actual installation process. However, there are times whenan installation is found to be successful yet there may be reasons thatan administrator may wish to back out of the installation after it hasbeen completed. Conventional approaches to de-installing software areconverging, in that they go forwards in time trying to merge back to astate that resembles the previously stored state of a system. Thisfeature is also known as check-pointing or convergent software rollback.In order to perform such a rollback, an administrator must create acheckpoint before an installation takes place. This checkpoint takes asnap shot of the client's current software inventory and configuration.If the administrator wishes to return to the checkpoint at some point inthe future, the system is actually moved forward by attempting to changethe system to conform to the previous configuration as defined in thecheckpoint. This often results in a mere approximation of the formercheck-pointed system due to the way conventional rollbacks are done atthe package level and not the file level.

Aspects of the present invention offer an approach of moving backward intime to return a system to substantially the exact previous state. Inorder to allow for such an approach, the dependency map described aboveimplements time tracking of each change to a client system. In order toimplement time tracking of manifest changes an additional manifest iscreated and stored on the client when an installation is performed onthe client. This additional manifest includes all of the dependencyroutes that were used to install all software applications on theclient. This additional manifest further includes a timestamp for eachdependency route used to install software. FIG. 23 is a flow diagramillustrating the operations for returning a computing system to aprevious state. When a snapshot is requested for a client system, all ofthe dependencies on the client are traced back through the dependencymap and the additional client manifest (operation 2300). This allows fora complete manifest to be created. The time-stamped information withinthe complete manifest allows for an accurate assessment of the routesthat were used to create them.

At some point in the future when the client requests the system to bereturned to the previous state represented by the snapshot, the softwareagent on the client recovers the new manifest and transmits it to theservice provider (operation 2310). This manifest lists all the rootsoftware elements, the dependencies associated with each root softwareelement, as well as a the root time dependency routes associates withthe root software elements. As previously described, a root softwareelement is an element that does not depend upon any other elements. Oncethe manifest is received, the service provider analyzes the historicaldata stored within the manifest and compares it to the dependency map toassess exactly what software elements and versions were installed at thetime of the checkpoint (operation 2320). Upon completion, an accurateassessment of the software load at the time of the checkpoint iscompiled and sent back to the software agent on the client (operation2330). The software agent then compares the previous software loadagainst the current software load and compiles a list of all thedifferences (operation 2340). These differences are then sent back tothe service provider where the dependency map is used to assess whatsoftware needs to be de-installed and in what order to accurately returnthe client system to its previous state (operation 2350). Since thedependency map stores the previously installed software for the client,it is possible to properly assess which software elements need to beinstalled or de-installed. In other words, a dependency route is beingconstructed where the start point is the current software manifest ofthe client and the end point is the manifest at the time of thesnapshot. Hence, the route contains all the software elements that needto be installed and de-installed to get the client from its start pointto its end point. Without such historically collected information, sucha de-installation approach as described would be extremely difficult ifnot impossible.

The service provider also uses the time stamped dependency routes fromthe additional client manifest to understand the differences. Thesetime-stamped dependency routes can be broken down into smaller routesand the differences isolated. Once the differences are understood,metadata stored in each root software element and their dependencies areused to create de-installation and re-installation instructions(operation 2360). Lastly, the instructions are returned to the softwareagent on the client who carries them out line by line (operation 2370).Once completed, the client system is returned to substantially its exactstate at the time the snapshot was created.

System administrators are often seeking ways to improve the performanceof their systems. Aspects of the present invention permit existingsoftware configurations on client systems to be analyzed by the serviceprovider to determine if changes could be made increase its performanceor remove unneeded software elements. In order for a client system to beanalyzed for possible performance increases, the client manifest istransmitted to the service provider.

In one embodiment, an additional attribute stores with a dependencyroute is performance statistics. The software agent installed on eachclient may monitor the run-time performance of an installation, based ona specific dependency route, and communicate this performanceinformation to the service provider. The performance data is then storedwith the dependency route. As additional performance information isreceived from additional clients, the performance rating of the route ischanged. If changes to a configuration are detected by the route managerthat may increase performance, a list of such changes may be complied bythe service provider and streamed to the software agent in the form ofdependency routes that would install and de-install software elements asneeded to change the installation of the software application to matchthe software elements that comprise the selected dependency route. Theservice provider could also provide performance information to thesystem administrator as a reason to perform the suggested changes.Further, such metrics could be used to give reasons why an updatedversion of an already installed application would be beneficial,resulting in additional revenue for the vendor or service provider. Oncechanges have been streamed to the client, they can be implemented by thesoftware agent.

In another embodiment, the service provider could further analyze theclient manifest to determine if there any installed software elements onthe client that are not needed for the current configuration. If suchelements are discovered, the service provider could transmit a list ofthe elements that may be de-installed along with a dependency route thatwould de-install these elements.

In order to build a confidence factor for an individual dependency or anentire dependency route, the service provider may receive feedback fromsoftware agents during client installations. In one particulararrangement the software agent is configured to monitor the installationfor errors. During an installation, any errors detected by the softwareagent are sent to the service provider hosting the dependency map. Thesoftware agent may send the actual error string, the software elementthat caused the error and the current location within the route wherethe error occurred. To begin analysis of the errors, the serviceprovider will launch an analysis service to begin parsing the errorstring. The analysis service identifies references to any files that mayhave already been installed on the client system prior to theinstallation. This may point to problems with pre-installed files. Forexample, an existing application may have already experienced runtimeerrors. Hence, the previous state of the client system may alreadyexperience problems.

Once an error in an individual dependency has been addressed by theanalysis service, the dependency is flagged with the error as well asthe reason, if known. This error and its reason are stored as attributesof the dependency. The confidence factor of the dependency is nowreduced due to the new error. In one embodiment, the confidence factoris calculated by taking the number of installations involving thedependency divided by the number of successful installations to generatea new confidence value.

Another solution available to system administrators through the use ofdependency maps and dependency routes is server software duplication. Itis common for a system administrator to substantially duplicate asoftware configuration across many servers. An example would be a largewebsite that has a large amount of Internet traffic. Conventionally, inorder for the website to manage the high traffic volume, a plurality ofservers and a load balancer are used. Each server would compriseidentical or substantially identical software configurations so thatsomeone browsing the website hosted by the servers would see the samewebsite no matter which server they were directed to by the loadbalancer. In any arrangement, it is possible for two servers to includethe same functional software arrangements, but nonetheless differ byhaving different device drivers, different network connection drivers,etc., when different hardware or network connections are associated withthe servers.

Conventionally, in order for a system administrator to conFIG. multipleservers with the same software a common set of software distributionsare created. The administrator would then use this distribution set tocopy all the software onto each server. One problem with this approachis the inability to track or fix deviations or performance enhancementsat the software element level, as the software would have been installedby the conventional package approach as described in the backgroundsection of the present application. In order to make changes to anexisting software configuration the administrator would need to makesuch changes manually on the first server and then duplicate this effortacross every other server comprising the same configuration. Dependingon the number of duplicate servers, this task may be extremely timeconsuming as well as prone to human error.

In accordance with aspects of the present invention, by using dependencymaps and dependency routes, a solution for providing duplicate orsubstantially duplicate software manifests and configurations acrossmultiple servers is possible. One method for duplicating software acrossmultiple servers is illustrated in FIGS. 24A and 24B. First, a systemadministrator makes a request to the service provider to make aduplicate configuration on a target server from the currentconfiguration on a source server (operation 2400). The request isuploaded to the service provider from the software agent on the sourceserver. As with all installation requests the software manifest of thesource server is also uploaded to and received by the service provider(operation 2405). Once the request and manifest is received, the routecalculator attempts to locate a dependency route that matches theinstallation manifest for the source server (operation 2410). In orderfor this to occur, a software agent is preferably installed at thesource server when it is first brought online. Otherwise, it isdifficult for the manifest to accurately reflect the current andhistorical software load of the source server since a software agenttracks changes to a manifest as the changes occur.

If an exact dependency route is not found or if the software agent wasnot installed for the lifetime of the source server, then a dependencyroute is calculated based on the currently supplied manifest. As with anormal installation request, it is common for a number of dependencyroutes to be presented, with each route including a confidence factorbased on the number of previously successful installations using thesame route (operation 2415). Upon confirmation of a preferred route, theservice provider streams the route to the software agent on the sourceserver (operation 2420). As with any dependency route for installing asoftware application, the route will include every single dependency onother software elements needed to install the application. For example,when installing Apache 5.5 using dependency route Y, there may be 1200software elements that the route depends upon. Therefore, all of thesesoftware elements should either exist on the client or be installedbefore Apache 5.5 is installed.

Once the dependency route is streamed to the software agent on thesource server, the software agent will analyze the dependency route andmatch it to the current software load on the source server (operation2425). If there are any differences between the software load of thesource server and the dependencies required by the dependency route,which is likely, the software agent will remove and install whateversoftware elements are necessary to ensure that the route accuratelyreflects the software load of the source server (operation 2430). Thepurpose of matching the source server's software load with all thesoftware elements and dependencies from the chosen dependency route isto ensure that the target server will end up with a substantialidentical software load as the source server once the target installsthe dependency route.

Once the source server's software load and the dependency route areequal, the target server is assessed. Depending on whether the targetserver has a software agent installed, two different installation pathswould be followed. If the target server does not have a software agentinstalled, a minimal OS is installed on the target which includes asoftware agent (operation 2435). In one embodiment, Bar MetalProvisioning is used as previously described. In this embodiment, a bareOS, along with a software monitoring agent, is provisioned onto thehardware machine, erasing any previously installed OS or applications.

Once the target server includes a software agent, or if it already hadone, the dependency route is streamed to the target server (operation2440). The software agent scans the current software manifest on thetarget server and creates a de-installation list of every softwareelement that is not part of the dependency route (operation 2445). Next,the software agent analyzes the file manifest of each software elementin the de-installation list and performs a file-level dependency checkon each software element to ensure there are no files that are createdat runtime but are not under the control of the software elementsmanifest (operation 2450). An example of such a file may be system-levelor application-level configuration files. If any such runtime createdfiles are found, they are flagged in a separate post de-installationlist. Once assessed, all the software elements and the de-installationlist are checked for additional dependencies which are then added to thepost de-installation list (operation 2455). After the software elementsand runtime files are deleted, the software load on the target servershould not have any additional software elements that are not part ofthe dependency map. Hence, the software agent only has to add softwareelements from the dependency map and not delete anything. At this point,the software agent carries out the installation as specified in thedependency map, resulting in a mirror image software load of the sourceserver (operation 2260).

Another advantage of managing software with a service provider model isthe ability to fine tune software configurations that are currentlyinstalled on a client system. As with all software applications,patches, bug fixes or new versions are continuously released by vendors.A vendor will often claim that the latest patch or version is always thebest. Often times, vendor support may be denied unless the clientupgrades to the current version or installs the latest patch. Thisapproach is often flawed, as a particular patch may fix one thing, yethinder others. As such, a system administrator may spend a great deal oftime trying to determine which patch causes the least problemsregardless of its release date.

A method for managing presently installed software configurations isdescribed below. As previously described, software dependency routesstored as overlays on a software dependency map represent previouslyinstalled dependency routes for one or more software applications.Confidence factors for each route are calculated based on the successrate of an installation based on a specific dependency route. It ispossible that a number of dependency routes exist for installing Apache5.5 on Solaris 9.0 update 1. Each route may have the same end result ofinstalling Apache 5.5, however, each route may have minor nuances thatdifferentiate them in some way. Out of each route, one may be the moststable, one may have better performance statistics and one may be themost secure.

In one embodiment, a software dependency map hosted by a serviceprovider comprises two type of nodes; major nodes and minor nodes. Eachtype of node is comprised of many individual software elements anddependencies. A major node is normally user-requested software thatdirectly relates to the need of the user. An example might be Apache5.5. Minor nodes are normally software that is installed in order tosupport the desires of the user. An example might be additional softwareelements that allows Apache 5.5 run with stability as its mainattribute. There are very few major nodes compared to the number ofminor nodes. For example, Apache 5.5 may have a single major node. Yetthere may be 10 different minor nodes that change the attributes of howApache 5.5 is configured.

In one scenario, a system administrator may want to check and see ifthere is a more stable install of Apache 5.5 on Solaris 9 (release B),than the current configuration on their client system. If such aninquiry is transmitted to the service provider, it is likely that theminor nodes that support Apache 5.5 are the nodes being analyzed withthe major node being untouched. The dependency map would analyze thecurrent configuration of Apache 5.5 based on the client manifest andattempt to find a dependency route that matches this configuration. Ifsuch a route does not exist, a new route is created and given a lowconfidence factor. Next, the dependency map compares this new route toexisting dependency routes, along with the confidence factors. Ifanother route is found to have a higher confidence factor (i.e., lessinstall or runtime errors and hence more stable) than the new route, itis selected for installation on the client system.

Before installation of the new dependency route, the software agent onthe client system performs a depth first search of the first of theleaves in the dependency graph. The software agent then works upwardfrom the bottom of the route reinstalling and updating software elementsas needed to match the software manifest of the client to the softwareelements and dependencies from the dependency route chosen forinstallation. Once the update of the client is complete, the routeinformation is uploaded to the dependency map for historical storage.

While the disclosed embodiments are described in specific terms, otherembodiments encompassing principles of the invention are also possible.Further, operations may be set forth in a particular order. The order,however, is but one example of the way that operations may be provided.Operations may be rearranged, modified, or eliminated in any particularimplementation while still conforming to aspects of the invention.Embodiments within the scope of the present invention also includecomputer readable media for carrying or having computer-executableinstructions or data structures stored thereon. Such computer-readablemedia may be any available media that can be accessed by a generalpurpose or special purpose computer. By way of example, and notlimitation, such computer-readable media can comprise RAM, ROM, EEPROM,DVD, CD ROM or other optical disk storage, magnetic disk storage orother magnetic storage devices, or any other medium which can be used tocarry or store desired program code means in the form ofcomputer-executable instructions or data structures and which can beaccessed by a general purpose or special purpose computer. Wheninformation is transferred or provided over a network or anothercommunications link or connection (either hardwired, wireless, or acombination of hardwired or wireless) to a computer, the computerproperly views the connection as a computer-readable medium. Thus, anysuch a connection is properly termed a computer-readable medium.Combinations of the above should also be included within the scope ofcomputer-readable media. Computer-executable instructions comprise, forexample, instructions and data which cause a general purpose computer,special purpose computer, or special purpose processing device toperform a certain function or group of functions.

Those skilled in the art will appreciate that aspects of the inventionmay be practiced in network computing environments with many types ofcomputer system configurations, including personal computers, hand-helddevices, multi-processor systems, microprocessor based or programmableconsumer electronics, network PCs, minicomputers, mainframe computers,and the like. Various embodiments discussed herein including embodimentsinvolving a satellite or cable signal delivered to a set-top box,television system processor, or the like, as well as digital datasignals delivered to some form of multimedia processing configuration,such as employed for IPTV, or other similar configurations can beconsidered as within a network computing environment. Further,wirelessly connected cell phones, a type of hand-held device, areconsidered as within a network computing environment. For example, cellphones include a processor, memory, display, and some form of wirelessconnection, whether digital or analog, and some form of input medium,such as a keyboards, touch screens, etc. Hand-held computing platformscan also include video on demand type of selection ability. Examples ofwireless connection technologies applicable in various mobileembodiments include, but are not limited to, radio frequency, AM, FM,cellular, television, satellite, microwave, WiFi, blue-tooth, infrared,and the like. Hand-held computing platforms do not necessarily require awireless connection. For example, a hand-held device may accessmultimedia from some form of memory, which may include both integratedmemory (e.g., RAM, Flash, etc) as well as removable memory (e.g.,optical storage media, memory sticks, flash memory cards, etc.) forplayback on the device. Aspects of the invention may also be practicedin distributed computing environments where tasks are performed by localand remote processing devices that are linked (either by hardwiredlinks, wireless links, or by a combination of hardwired or wirelesslinks) through a communications network. In a distributed computingenvironment, program modules may be located in both local and remotememory storage devices.

1. A method for maintaining a software repository of software files usedfor installing at least a first software functionality comprising:maintaining a first software application within a primary storagefacility of the software repository, the first software applicationcomprising a plurality of software files wherein each software file isrepresented by a plurality of software elements maintained in a softwareinstallation map; updating a usage factor of a first software elementassociated with a first software file from the plurality of softwarefiles, the usage factor being a function of a number of times the firstsoftware file is installed during a first time period; and moving thefirst software file from the primary storage facility of the softwarerepository to a secondary storage facility as a function of the usagefactor.
 2. The method of claim 1 further comprising: comparing the usagefactor against a threshold value; and moving the first software filefrom the primary storage facility of the software repository to asecondary storage facility if the usage factor meets the thresholdvalue.
 3. The method of claim 2 wherein each software element maintainedin the software installation map has at least one associated dependencyand a confidence factor associated with the dependency; the methodfurther comprising: updating an aging value of the first softwareelement as a function of the confidence factor associated with thedependency.
 4. The method of claim 3 further comprising: comparing theaging value to a second threshold; and moving the first software filefrom the primary storage facility of the software repository to asecondary storage facility if the aging value meets the second thresholdvalue.
 5. The method of claim 3 further comprising: updating the agingvalue of the first software element as function of the confidence factorassociated with the dependency and the usage factor of the firstsoftware element; and moving the first software file from the primarystorage facility of the software repository to a secondary storagefacility as a function of the aging factor.
 6. The method of claim 2wherein each software element maintained in the software installationmap has at least one associated dependency and a plurality of confidencefactors associated with the dependency; the method further comprising:updating an aging value of the first software element as a function ofthe confidence factors associated with the dependency.
 7. The method ofclaim 6 further comprising: updating an aging value of the firstsoftware element as a function of an average of the confidence factorsassociated with the dependency.
 8. The method of claim 7 furthercomprising: comparing the aging value to a second threshold; and movingthe first software file from the primary storage facility of thesoftware repository to a secondary storage facility if the aging valuemeets the second threshold value.
 9. The method of claim 1 furthercomprising: deleting the first software file from at least one of theprimary storage facility and secondary storage facility as a function ofthe usage factor.
 10. The method of claim 3 further comprising: deletingthe first software file from at least one of the primary storagefacility and the secondary storage facility as a function of the agingfactor.
 11. The method of claim 9 further comprising removing thesoftware element from the installation map.
 12. A method for maintaininga software repository of software files used for installing at least afirst software functionality comprising: maintaining a first softwareapplication within a primary storage facility of the softwarerepository, the first software application comprising a plurality ofsoftware files wherein each software file is represented by a pluralityof software elements maintained in a software installation map, whereineach software element maintained in the software installation map has atleast one associated dependency and a confidence factor associated withthe dependency; updating an aging factor of a first software elementassociated with a first software file from the plurality of softwarefiles, the aging factor being a function of at least one of a number oftimes the first software file is installed during a first time periodand the confidence factor; and moving the first software file from theprimary storage facility of the software repository to a secondarystorage facility as a function of the aging factor.
 13. The method ofclaim 12 further comprising: comparing the aging factor against athreshold value; and moving the first software file from the primarystorage facility of the software repository to a secondary storagefacility if the aging factor meets the threshold value.
 14. The methodof claim 12 further comprising: deleting the first software file fromthe secondary storage facility when the first software elementrepresenting the first software file is not requested from the softwareinstallation map during a predetermined period of time after updatingthe aging factor.
 15. The method of claim 12 further comprising:deleting the first software element from the software installation mapas a function of the aging factor.
 16. The method of claim 15 furthercomprising: maintaining a log of deleted software files.
 17. The methodof claim 12 wherein the primary storage facility is a relationaldatabase.
 18. The method of claim 12 wherein the secondary storagefacility is a tape drive system.
 19. A system for maintaining a softwarewarehouse of software files used for installing at least a firstsoftware functionality used for installing at least a first softwarefunctionality comprising: a first storage facility for hosting aplurality of software files wherein each of the plurality of softwarefiles are represented by a software element maintained on a softwareinstallation map, wherein each software element maintained in thesoftware installation map has at least one associated dependency and aconfidence factor associated with the dependency; an aging moduleconfigured to monitor the plurality of software files and age a softwarefile as function of at least one of a number of times the first softwarefile is installed during a first time period and the confidence factor;and a second storage facility in communication with the first storagefacility, the second storage facility for receiving from the firststorage facility and hosting a plurality of software files when the ageof the software file meets a threshold.
 20. The system of claim 19wherein the first storage facility includes a high speed relationaldatabase and the second storage facility includes a tape drive system.